Описание
Eclipse Parsson stack overflow when parsing deeply nested input
In Eclipse Parsson before 1.0.4 and 1.1.3, a document with a large depth of nested objects can allow an attacker to cause a Java stack overflow exception and denial of service. Eclipse Parsson allows processing (e.g. parse, generate, transform and query) JSON documents.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2023-7272
- https://github.com/eclipse-ee4j/parsson/issues/91
- https://github.com/eclipse-ee4j/parsson/commit/755d2a86dff74fecc4114fbe7d21e071380c4e45
- https://github.com/eclipse-ee4j/parsson/commit/d0ec79badd44a940c82842954430762a2199f4e1
- https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/12
Пакеты
org.eclipse.parsson:parsson
>= 1.1.0, < 1.1.3
1.1.3
org.eclipse.parsson:parsson
< 1.0.4
1.0.4
Связанные уязвимости
In Eclipse Parsson before 1.0.4 and 1.1.3, a document with a large depth of nested objects can allow an attacker to cause a Java stack overflow exception and denial of service. Eclipse Parsson allows processing (e.g. parse, generate, transform and query) JSON documents.
In Eclipse Parsson before 1.0.4 and 1.1.3, a document with a large depth of nested objects can allow an attacker to cause a Java stack overflow exception and denial of service. Eclipse Parsson allows processing (e.g. parse, generate, transform and query) JSON documents.