CVE-2024-21907: Improper Handling of Exceptional Conditions in Newtonsoft.Json

Weakness CWE-755
Published January 3, 2024
Last update November 28, 2025

What the vulnerability does

01 Description

Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.
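
A defensive configuration for code that calls JsonConvert.DeserializeObject on untrusted input, as an added example that is not part of this record or of the Newtonsoft.Json project: it caps nesting with the library's JsonSerializerSettings.MaxDepth setting and turns a rejected payload into a handled error. It assumes the crafted data relies on deep nesting (the record does not say so); SafeJson, TryDeserialize, the limit of 64 and the sample strings are constructed for illustration.

```csharp
using System;
using Newtonsoft.Json;

public static class SafeJson
{
    // Assumed limit for this example; size it to the deepest legitimate payload.
    private const int MaxAllowedDepth = 64;

    private static readonly JsonSerializerSettings Settings = new JsonSerializerSettings
    {
        // The reader throws JsonReaderException once nesting exceeds this value.
        MaxDepth = MaxAllowedDepth
    };

    // Returns false on any malformed, mistyped or over-deep payload.
    public static bool TryDeserialize<T>(string json, out T value)
    {
        try
        {
            value = JsonConvert.DeserializeObject<T>(json, Settings);
            return true;
        }
        catch (JsonException ex) // base class of JsonReaderException
        {
            Console.Error.WriteLine($"Rejected JSON payload: {ex.Message}");
            value = default;
            return false;
        }
    }

    public static void Main()
    {
        // Process-wide default for call sites that pass no settings of their own.
        JsonConvert.DefaultSettings = () => new JsonSerializerSettings { MaxDepth = MaxAllowedDepth };

        // Constructed samples: an ordinary document and one nested 100 levels deep.
        string ordinary = "{\"user\":{\"roles\":[\"reader\"]}}";
        string tooDeep = new string('[', 100) + new string(']', 100);

        Console.WriteLine(TryDeserialize<object>(ordinary, out _));
        Console.WriteLine(TryDeserialize<object>(tooDeep, out _));
    }
}
```

Since the record lists versions before 13.0.1 as affected, upgrading is the fix; the depth cap is a stopgap for call sites where the upgrade has to wait.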

Key dates

02 Disclosure timeline

January 3, 2024 CVE published
November 28, 2025 Record updated