Description
json-path v2.8.0 was discovered to contain a stack overflow via the Criteria.parse() method.
A stack overflow vulnerability was found in the Criteria.parse() method in json-path. This issue occurs due to an uncontrolled recursion caused by specially crafted input, leading to a stack overflow. This vulnerability has the potential to trigger a crash, resulting in a denial of service.
Report
Red Hat rates this as having at most a Moderate impact. When interacting with a server to probe this possible vulnerability, only the attacker would see the resulting HTTP 500 error; no other user (and not the server as a whole) would be affected in a real, multi-threaded application scenario.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| AMQ Clients | json-path | Not affected | ||
| A-MQ Clients 2 | json-path | Not affected | ||
| Logging Subsystem for Red Hat OpenShift | com.amazon.opendistroforelasticsearch-opendistro_security | Not affected | ||
| OpenShift Developer Tools and Services | jenkins-2-plugins | Will not fix | ||
| OpenShift Serverless | json-path | Affected | ||
| Red Hat AMQ Broker 7 | json-path | Not affected | ||
| Red Hat build of Apicurio Registry 2 | json-path | Not affected | ||
| Red Hat build of Debezium 2 | json-path | Not affected | ||
| Red Hat Build of Keycloak | json-path | Not affected | ||
| Red Hat build of OptaPlanner 8 | json-path | Will not fix | | |
Additional information
EPSS
5.3 Medium
CVSS3
Related vulnerabilities
json-path v2.8.0 was discovered to contain a stack overflow via the Criteria.parse() method.
Vulnerability in the Criteria.parse() function of the JsonPath Java library, allowing an attacker to cause a denial of service