What is the severity of CVE-2022-46175?

CVE-2022-46175 is classified as a medium severity vulnerability.

How can I fix CVE-2022-46175?

To fix CVE-2022-46175, you should update the json5 package to version 2.2.2 or higher, or the rh-sso7-keycloak package to the specified remedial versions.

Which versions of json5 are affected by CVE-2022-46175?

CVE-2022-46175 affects json5 versions prior to 2.2.2.

What can attackers do with CVE-2022-46175?

Attackers can exploit CVE-2022-46175 to set arbitrary and unexpected keys on objects returned from JSON5.parse.

Is CVE-2022-46175 related to any specific software?

CVE-2022-46175 is specifically related to the json5 package and its integration within the rh-sso7-keycloak software.

Vulnerability/
CVE-2022-46175

high

8.8

CWE

1321

24/12/2022

29/12/2022

14/3/2025

CVE-2022-46175

First published: Sat Dec 24 2022(Updated: )

A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse.

Credit: security-advisories@github.com security-advisories@github.com security-advisories@github.com

Affected Software	Affected Version	How to fix
redhat/rh-sso7-keycloak	<0:18.0.6-1.redhat_00001.1.el7	0:18.0.6-1.redhat_00001.1.el7
redhat/rh-sso7-keycloak	<0:18.0.6-1.redhat_00001.1.el8	0:18.0.6-1.redhat_00001.1.el8
redhat/rh-sso7-keycloak	<0:18.0.6-1.redhat_00001.1.el9	0:18.0.6-1.redhat_00001.1.el9
redhat/json5	<2.2.2	2.2.2
npm/json5	<1.0.2	1.0.2
npm/json5	>=2.0.0<2.2.2	2.2.2
IBM Security QRadar	<=3.12
JSON5	<1.0.2
JSON5	>=2.0.0<2.2.2
Red Hat Fedora	=37

Remedy

https://github.com/json5/json5/issues/199

Remedy

https://github.com/json5/json5/pull/298

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

What is the severity of CVE-2022-46175?
CVE-2022-46175 is classified as a medium severity vulnerability.
How can I fix CVE-2022-46175?
To fix CVE-2022-46175, you should update the json5 package to version 2.2.2 or higher, or the rh-sso7-keycloak package to the specified remedial versions.
Which versions of json5 are affected by CVE-2022-46175?
CVE-2022-46175 affects json5 versions prior to 2.2.2.
What can attackers do with CVE-2022-46175?
Attackers can exploit CVE-2022-46175 to set arbitrary and unexpected keys on objects returned from JSON5.parse.
Is CVE-2022-46175 related to any specific software?
CVE-2022-46175 is specifically related to the json5 package and its integration within the rh-sso7-keycloak software.

collector/redhat-cve
agent/type
agent/remedy
agent/first-publish-date
agent/author
agent/severity
agent/weakness
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2022-46175
agent/software-canonical-lookup
collector/github-advisory-latest
source/GitHub
alias/GHSA-9c47-m6qq-7p4h
collector/github-advisory
collector/mitre-cve
source/MITRE
agent/event
agent/trending
agent/source
agent/description
collector/ibm-support
source/IBM
agent/references
agent/last-modified-date
collector/nvd-api
source/NVD
agent/software-canonical-lookup-request
collector/nvd-cve
agent/tags
agent/softwarecombine
collector/nvd-index
package-manager/redhat
package-manager/npm
vendor/ibm
canonical/ibm security qradar
version/ibm security qradar/3.12
vendor/json5
canonical/json5
version/json5/2.0.0
vendor/fedoraproject
canonical/red hat fedora
version/red hat fedora/37

CVE-2022-46175

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

Frequently Asked Questions

What is the severity of CVE-2022-46175?

How can I fix CVE-2022-46175?

Which versions of json5 are affected by CVE-2022-46175?

What can attackers do with CVE-2022-46175?

Is CVE-2022-46175 related to any specific software?

Company

Resources

Contact