GMS-2022-2792: Uncontrolled Resource Consumption in Spray JSON

June 28, 2022

Recursive decent parsers are susceptible too StackOverflowExceptions on too deeply nested structures as currently “open” parsing state is kept on the stack.

References

github.com/advisories/GHSA-ww3v-6xjf-jv28
github.com/spray/spray-json/pull/284
security.snyk.io/vuln/SNYK-JAVA-IOSPRAY-72601

Detect and mitigate GMS-2022-2792 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →