CVE-2022-45690: 
Java vulnerability analysis and mitigation

A stack overflow vulnerability was discovered in the org.json.JSONTokener.nextValue::JSONTokener.java component of hutool-json version 5.8.10. The vulnerability was assigned identifier CVE-2022-45690 and was disclosed on December 13, 2022. This vulnerability affects the JSONTokener component and allows attackers to cause a Denial of Service condition (NVD).

The vulnerability is caused by a stack overflow condition in the JSONTokener.nextValue method when processing deeply nested JSON structures. When parsing certain maliciously crafted JSON input with excessive nesting levels, the parser enters an infinite recursive state leading to a stack overflow error. The vulnerability has been assigned a CVSS v3.1 base score of 9.8 (CRITICAL) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (NVD).

When successfully exploited, this vulnerability allows attackers to cause a Denial of Service (DoS) condition by triggering a stack overflow in the application. This can result in the application becoming unresponsive or crashing when processing maliciously crafted JSON input (NVD).

The vulnerability has been fixed in subsequent versions after 5.8.10. Users are advised to upgrade to the latest version of hutool-json to mitigate this vulnerability (NVD).