Advisories for Maven/Org.typelevel/Jawn-Parser_2.12 package

2022

Hash collision in typelevel jawn

Extenders of org.typelevel.jawn.SimpleFacade and org.typelevel.jawn.MutableFacade that don't override objectContext() are vulnerable to a hash collision attack. Most applications do not implement these traits directly, but inherit an implementation from a library.

Affected implementations include:

- org.http4s :: http4s-play-json
- org.typelevel :: jawn-ast (< 0.8.0)
- org.typelevel :: jawn-play (discontinued)
- org.typelevel :: jawn-rojoma (discontinued)
- org.typelevel :: jawn-spray (discontinued)

Unaffected implementations include:

- io.argonaut :: argonaut-jawn
- io.circe :: circe-parser
- org.typelevel :: jawn-ast (>= 0.8.0)
- org.typelevel :: jawn-json4s …