vulnerable to Denial Of Services (DoS)
wrenashe opened this issue
Just got a report from Veracode SCA:
CVE-2023-34610 | CWE-787
Denial Of Services (DoS): json-io is vulnerable to Denial Of Services (DoS). The vulnerability exists due to a lack of nesting depth checks in the JsonParser.java, which allows an attacker to cause an application crash by passing a maliciously crafted JSON string.
Could you please take a look or fix it?
Thanks,
fixed in 4.14.1