CVSS 3.1 Score 7.5 of 10 (high)


Published Jan 3, 2024
Updated: Jan 17, 2024
CWE ID 755


CVE-2024-21907, also known as the Newtonsoft.Json mishandling of exceptional conditions vulnerability, affects versions of Newtonsoft.Json before 13.0.1. It allows a remote, unauthenticated attacker to cause a denial of service by triggering a StackOverflow exception when crafted data is passed to the JsonConvert.DeserializeObject method. The potential danger to an organization is high, because exploitation can disrupt service. To remediate this vulnerability, organizations should update their Newtonsoft.Json library to version 13.0.1 or higher.
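To find projects that still need the update, the following added example (not code from this page or from the Newtonsoft.Json project) audits .NET project files for Newtonsoft.Json references below 13.0.1. The function names, the constructed sample files and the conservative handling of 13.0.1 prereleases are assumptions of this example.

```python
"""Flag Newtonsoft.Json references older than 13.0.1 in .NET project files."""
import re
import xml.etree.ElementTree as ET

PACKAGE = "newtonsoft.json"
FIXED = (13, 0, 1)  # first fixed release named in the advisory text

def classify(version):
    """Return 'affected', 'fixed' or 'unknown' for a NuGet version string."""
    m = re.fullmatch(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:\.\d+)?(-[\w.]+)?", (version or "").strip())
    if not m:
        return "unknown"  # floating ("12.*") or range versions need manual review
    nums = tuple(int(g or 0) for g in m.group(1, 2, 3))
    if nums < FIXED or (nums == FIXED and m.group(4)):
        return "affected"  # assumption: a prerelease of 13.0.1 counts as not yet fixed
    return "fixed"

def audit(xml_text):
    """List (version, status) for each Newtonsoft.Json entry in a .csproj, .props or packages.config."""
    results = []
    for el in ET.fromstring(xml_text).iter():
        tag = el.tag.split("}")[-1]  # drop the XML namespace used by old-style .csproj files
        if tag in ("PackageReference", "PackageVersion"):
            name = el.get("Include") or el.get("Update")
            version = el.get("Version")
            if version is None:  # version given as a child element instead of an attribute
                child = next((c for c in el if c.tag.split("}")[-1] == "Version"), None)
                version = child.text if child is not None else None
        elif tag == "package":  # packages.config entry
            name, version = el.get("id"), el.get("version")
        else:
            continue
        if name and name.lower() == PACKAGE:
            results.append((version, classify(version)))
    return results

# Constructed sample inputs (not taken from any real project).
SAMPLE_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="Newtonsoft.Json" Version="12.0.3" />
    <PackageReference Include="Serilog" Version="3.1.1" />
  </ItemGroup>
</Project>"""
SAMPLE_PACKAGES_CONFIG = """<packages>
  <package id="Newtonsoft.Json" version="13.0.3" targetFramework="net48" />
</packages>"""

if __name__ == "__main__":
    for label, text in (("csproj", SAMPLE_CSPROJ), ("packages.config", SAMPLE_PACKAGES_CONFIG)):
        print(label, audit(text))
```

This reads only direct references in the files it is given; a copy pulled in transitively by another package does not appear there and has to be checked against the resolved dependency graph.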
