Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Parsson DoS when parsing numbers from untrusted sources
Vulnerability Description
In Eclipse Parsson before versions 1.1.4 and 1.0.5, Parsing JSON from untrusted sources can lead malicious actors to exploit the fact that the built-in support for parsing numbers with large scale in Java has a number of edge cases where the input text of a number can lead to much larger processing time than one would expect. To mitigate the risk, parsson put in place a size limit for the numbers as well as their scale.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
输入验证不恰当
Vulnerability Title
Eclipse Parsson 安全漏洞
Vulnerability Description
Eclipse Parsson是Eclipse基金会的一个 Jakarta JSON 处理规范的实现。 Eclipse Parsson 1.1.4之前版本存在安全漏洞,该漏洞源于从不受信任的来源解析JSON。
CVSS Information
N/A
Vulnerability Type
N/A