Filtered by vendor Eclipse
Subscriptions
Filtered by product Parsson
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-7272 | 1 Eclipse | 1 Parsson | 2025-02-06 | 8.6 High |
| In Eclipse Parsson before 1.0.4 and 1.1.3, a document with a large depth of nested objects can allow an attacker to cause a Java stack overflow exception and denial of service. Eclipse Parsson allows processing (e.g. parse, generate, transform and query) JSON documents. | ||||
| CVE-2023-4043 | 2 Eclipse, Redhat | 6 Parsson, Camel Quarkus, Camel Spring Boot and 3 more | 2024-11-21 | 5.9 Medium |
| In Eclipse Parsson before versions 1.1.4 and 1.0.5, Parsing JSON from untrusted sources can lead malicious actors to exploit the fact that the built-in support for parsing numbers with large scale in Java has a number of edge cases where the input text of a number can lead to much larger processing time than one would expect. To mitigate the risk, parsson put in place a size limit for the numbers as well as their scale. | ||||
Page 1 of 1.