CVE-2024-57699: 
Java vulnerability analysis and mitigation

A security vulnerability was discovered in Netplex Json-smart versions 2.5.0 through 2.5.1. The vulnerability involves a stack exhaustion issue that occurs when processing specially crafted JSON input containing a large number of opening curly braces ('{'). This vulnerability is particularly notable as it represents an incomplete fix for a previous vulnerability (CVE-2023-1370) (NVD).

The vulnerability is classified as a Denial of Service (DoS) issue caused by uncontrolled recursion (CWE-674). When the Json-smart parser encounters a specially crafted JSON input with numerous opening curly braces, it triggers a stack exhaustion condition. The vulnerability has received a CVSS v3.1 base score of 7.5 (HIGH), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating that it can be exploited remotely without requiring privileges or user interaction (NVD).

When successfully exploited, this vulnerability can lead to a Denial of Service condition, causing the application to crash. The impact is limited to availability, with no direct effect on confidentiality or integrity of the system (NVD).

The vulnerability has been fixed in Json-smart version 2.5.2. Users are strongly advised to upgrade to this version or later to address the security issue. For systems that cannot be immediately upgraded, no specific workarounds have been publicly documented (Debian Tracker).