CVE-2023-7272: Eclipse Parsson stack overflow when parsing deeply nested input
(updated )
In Eclipse Parsson before 1.0.4 and 1.1.3, a document with a large depth of nested objects can allow an attacker to cause a Java stack overflow exception and denial of service. Eclipse Parsson allows processing (e.g. parse, generate, transform and query) JSON documents.
References
- github.com/advisories/GHSA-2rwm-xv5j-777p
- github.com/eclipse-ee4j/parsson
- github.com/eclipse-ee4j/parsson/commit/755d2a86dff74fecc4114fbe7d21e071380c4e45
- github.com/eclipse-ee4j/parsson/commit/d0ec79badd44a940c82842954430762a2199f4e1
- github.com/eclipse-ee4j/parsson/issues/91
- gitlab.eclipse.org/security/vulnerability-reports/-/issues/12
- nvd.nist.gov/vuln/detail/CVE-2023-7272
Detect and mitigate CVE-2023-7272 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →