{"id":"CVE-2024-21907","details":"Newtonsoft.Json before version 13.0.1 is affected by a mishandling-of-exceptional-conditions vulnerability. Crafted data passed to the JsonConvert.DeserializeObject method may trigger a StackOverflowException, resulting in denial of service. Depending on how the library is used, an unauthenticated, remote attacker may be able to cause this denial-of-service condition.","aliases":["GHSA-5crp-9r3c-p9vr"],"modified":"2026-04-10T05:10:42.611814Z","published":"2024-01-03T16:15:08.793Z","related":["GHSA-5crp-9r3c-p9vr"],"references":[{"type":"ADVISORY","url":"https://vulncheck.com/advisories/vc-advisory-GHSA-5crp-9r3c-p9vr"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-5crp-9r3c-p9vr"},{"type":"REPORT","url":"https://github.com/JamesNK/Newtonsoft.Json/issues/2457"},{"type":"FIX","url":"https://github.com/JamesNK/Newtonsoft.Json/commit/7e77bbe1beccceac4fc7b174b53abfefac278b66"},{"type":"FIX","url":"https://github.com/JamesNK/Newtonsoft.Json/pull/2462"},{"type":"EVIDENCE","url":"https://alephsecurity.com/2018/10/22/StackOverflowException/"},{"type":"EVIDENCE","url":"https://alephsecurity.com/vulns/aleph-2018004"},{"type":"EVIDENCE","url":"https://security.snyk.io/vuln/SNYK-DOTNET-NEWTONSOFTJSON-2774678"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/JamesNK/Newtonsoft.Json","events":[{"introduced":"0"},{"fixed":"ae9fe44e1323e91bcbd185ca1a14099fba7c021f"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"13.0.1"}]}},{"type":"GIT","repo":"https://github.com/jamesnk/newtonsoft.json","events":[{"introduced":"0"},{"fixed":"7e77bbe1beccceac4fc7b174b53abfefac278b66"}]}],"versions":["1.3.1","10.0.1","10.0.2","10.0.3","11.0.1","11.0.2","12.0.1","12.0.2","12.0.3","2.0.1","2.0.2","2.0.3","2.0.4","3.0.1","3.5.1","3.5.2","3.5.3","3.5.4","3.5.5","3.5.6","3.5.7","3.5.8","4.0.1","4.0.2","4.0.3","4.0.4","4.0.5","4.0.6","4.0.7","4.0.8","4.5.10","4.5.11","4.5.3","4.5.4","4.5.5","4.5.6","4.5.7","4.5.8"
,"5.0.3","5.0.4","5.0.5","5.0.6","5.0.7","5.0.8","6.0.1","6.0.3","6.0.4","6.0.5","6.0.6","6.0.7","6.0.8","7.0.1","8.0.1","8.0.2","8.0.3","9.0.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-21907.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}