Описание
In Eclipse Parsson before 1.0.4 and 1.1.3, a document with a large depth of nested objects can allow an attacker to cause a Java stack overflow exception and denial of service. Eclipse Parsson allows processing (e.g. parse, generate, transform and query) JSON documents.
A flaw was found in Eclipse Parsson. A document containing a large depth of nested objects may allow an attacker to cause a Java stack overflow exception, potentially leading to a denial of service.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Cryostat 3 | org.eclipse.parsson/parsson | Not affected | ||
| OpenShift Serverless | org.eclipse.parsson/parsson | Not affected | ||
| Red Hat build of Apache Camel 4 for Quarkus 3 | org.eclipse.parsson/parsson | Not affected | ||
| Red Hat build of Apache Camel for Spring Boot 3 | org.eclipse.parsson/parsson | Not affected | ||
| Red Hat build of Apache Camel - HawtIO 4 | org.eclipse.parsson/parsson | Not affected | ||
| Red Hat build of Apicurio Registry 2 | org.eclipse.parsson/parsson | Not affected | ||
| Red Hat build of Quarkus | org.eclipse.parsson.jakarta.json | Not affected | ||
| Red Hat build of Quarkus | org.eclipse.parsson.parsson | Not affected | ||
| Red Hat Fuse 7 | org.eclipse.parsson/parsson | Out of support scope | ||
| Red Hat JBoss Enterprise Application Platform 7 | org.eclipse.parsson-project | Not affected |
Показывать по
Дополнительная информация
Статус:
6.8 Medium
CVSS3
Связанные уязвимости
In Eclipse Parsson before 1.0.4 and 1.1.3, a document with a large depth of nested objects can allow an attacker to cause a Java stack overflow exception and denial of service. Eclipse Parsson allows processing (e.g. parse, generate, transform and query) JSON documents.
Eclipse Parsson stack overflow when parsing deeply nested input
6.8 Medium
CVSS3