Eclipse Parsson stack overflow when parsing deeply nested input

High severity • GitHub Reviewed • Published Jul 17, 2024 to the GitHub Advisory Database • Updated Aug 6, 2024

Package

org.eclipse.parsson:parsson (Maven)

Affected versions

>= 1.1.0, < 1.1.3
< 1.0.4

Patched versions

1.1.3
1.0.4

Description

In Eclipse Parsson before 1.0.4 and 1.1.3, a document with a large depth of nested objects can allow an attacker to cause a Java stack overflow exception and denial of service. Eclipse Parsson allows processing (e.g. parse, generate, transform and query) JSON documents.
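
For services that accept untrusted JSON and cannot move to a patched version right away, a nesting-depth check can run before the document reaches the parser. The following is an added example, not code from Eclipse Parsson or from this advisory; the class name JsonDepthGuard, the method maxDepth and the limit of 4 are assumptions chosen for illustration.

```java
import java.io.IOException;
import java.io.Reader;
import java.io.StringReader;

public class JsonDepthGuard {
    /**
     * Scans JSON text iteratively (constant stack use) and returns the deepest
     * object/array nesting seen. Throws as soon as the depth exceeds the limit.
     */
    static int maxDepth(Reader in, int limit) throws IOException {
        int depth = 0, max = 0;
        boolean inString = false, escaped = false;
        for (int c; (c = in.read()) != -1; ) {
            if (inString) {
                // Brackets inside string values are data, not structure.
                if (escaped) escaped = false;
                else if (c == '\\') escaped = true;
                else if (c == '"') inString = false;
                continue;
            }
            switch (c) {
                case '"': inString = true; break;
                case '{': case '[':
                    if (++depth > limit)
                        throw new IOException("JSON nesting deeper than " + limit);
                    max = Math.max(max, depth);
                    break;
                case '}': case ']':
                    if (depth > 0) depth--; // malformed input is left to the parser
                    break;
                default: break;
            }
        }
        return max;
    }

    public static void main(String[] args) throws IOException {
        int limit = 4; // assumed limit; size it to what the application's schema needs
        // Constructed sample inputs.
        String ok = "{\"a\": [1, {\"b\": \"[[[[[[ not nesting\"}]}";
        String deep = "[[[[[{\"x\": 1}]]]]]";
        System.out.println("depth of ok document: " + maxDepth(new StringReader(ok), limit));
        try {
            maxDepth(new StringReader(deep), limit);
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The check consumes the reader, so buffer the request body or re-open the source before parsing. It complements the upgrade to 1.0.4 or 1.1.3 and does not replace it.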

References

Published by the National Vulnerability Database Jul 17, 2024
Published to the GitHub Advisory Database Jul 17, 2024
Reviewed Jul 17, 2024
Last updated Aug 6, 2024

Severity

High

EPSS score

0.043%
(10th percentile)

Weaknesses

CVE ID

CVE-2023-7272

GHSA ID

GHSA-2rwm-xv5j-777p

Source code
