{"id":"PYSEC-2023-149","details":"The json2xml package through 3.12.0 for Python contains an error in typecode decoding that a remote attacker can trigger to raise an exception, causing a denial of service. The affected range in this record lists 3.14.0 as the first fixed version.","aliases":["CVE-2022-25024","GHSA-8rj5-2857-877j"],"modified":"2023-11-08T04:08:41.383065Z","published":"2023-08-22T19:16:00Z","references":[{"type":"WEB","url":"https://packaging.python.org/en/latest/guides/analyzing-pypi-package-downloads/"},{"type":"WEB","url":"https://github.com/vinitkumar/json2xml/pull/107/files"},{"type":"WEB","url":"https://github.com/vinitkumar/json2xml/pull/107"},{"type":"REPORT","url":"https://github.com/vinitkumar/json2xml/issues/106"}],"affected":[{"package":{"name":"json2xml","ecosystem":"PyPI","purl":"pkg:pypi/json2xml"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.14.0"}]}],"versions":["0.1","0.2","0.3","0.4","0.5","0.6","1.0.0","1.0.1","1.1.0","1.2.2","1.2.3","1.2.4","1.2.5","1.3.0","2.0.0","2.1.0","2.1.1","2.2.0","2.2.1","2.3.0","3.0.0","3.0.1","3.10.0","3.10.0rc1","3.12.0","3.3.0","3.3.1","3.3.2","3.3.3","3.4.0","3.4.1","3.5.0","3.6.0","3.7.0","3.7.0b1","3.7.0b2","3.8.0","3.8.1","3.8.2","3.8.3","3.8.4","3.9.0"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/json2xml/PYSEC-2023-149.yaml"}}],"schema_version":"1.7.3"}