Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

🔐 CVE-2023-4043: pkg:maven/org.eclipse.parsson/[email protected] #496

Closed
github-actions bot opened this issue Nov 5, 2023 · 1 comment
Closed
Labels
security Security related change

Comments

@github-actions
Copy link

github-actions bot commented Nov 5, 2023

Summary

In Eclipse Parsson before versions 1.1.4 and 1.0.5, Parsing JSON from untrusted sources can lead malicious actors to exploit the fact that the built-in support for parsing numbers with large scale in Java has a number of edge cases where the input text of a number can lead to much larger processing time than one would expect.

To mitigate the risk, parsson put in place a size limit for the numbers as well as their scale.

CVE: CVE-2023-4043
CWE: CWE-20

References

@github-actions github-actions bot added the security Security related change label Nov 5, 2023
@kaklakariada
Copy link
Collaborator

This was fixed in #498

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
security Security related change
Projects
None yet
Development

No branches or pull requests

1 participant