vulnerable to Denial Of Services (DoS)

Question

vulnerable to Denial Of Services (DoS)

wrenashe opened this issue a year ago · comments

Just got report from Veracode SCA,

CVE-2023-34610| CWE-787
Denial Of Services (DoS): json-io is vulnerable to Denial Of Services (DoS). The vulnerability exists due to a lack of nesting depth checks in the JsonParser.java, which allows an attacker to cause an application crash by passing the maliciously crafted JSON string.

Could you please take a look or fix it?

Thanks,

wrenashe · Answer 1 · Wed Sep 13 2023 14:49:24 GMT+0800 (China Standard Time)

It looks the duplicate of #169 ?

John DeRegnaucourt · Answer 2 · Thu Sep 14 2023 03:48:10 GMT+0800 (China Standard Time)

fixed in 4.14.1