{"id":"CVE-2022-25024","details":"The json2xml package through 3.12.0 for Python allows an error in typecode decoding enabling a remote attack that can lead to an exception, causing a denial of service.","aliases":["GHSA-8rj5-2857-877j","PYSEC-2023-149"],"modified":"2026-03-15T22:43:56.298259Z","published":"2023-08-22T19:16:22.173Z","references":[{"type":"WEB","url":"https://packaging.python.org/en/latest/guides/analyzing-pypi-package-downloads/"},{"type":"FIX","url":"https://github.com/vinitkumar/json2xml/pull/107"},{"type":"FIX","url":"https://github.com/vinitkumar/json2xml/pull/107/files"},{"type":"FIX","url":"https://github.com/vinitkumar/json2xml/issues/106"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/vinitkumar/json2xml","events":[{"introduced":"0"},{"last_affected":"0112d08300d8b157fe8bf4312459773efed14b15"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.12.0"}]}}],"versions":["3.10.0","3.11.0","3.12.0","v1.0.0","v1.1.0","v1.2.2","v1.2.3","v1.2.5","v2.0.0","v2.1.0","v2.2.1","v3.0.0","v3.10.0rc1","v3.3.2","v3.3.3","v3.4.1","v3.5.0","v3.6.0","v3.7.0","v3.7.0beta1","v3.7.0beta2","v3.8.0","v3.8.3","v3.8.4","v3.9.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-25024.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}