A stack overflow vulnerability exists in the Criteria.parse() method in json-path 2.8.0. Specially crafted input can cause uncontrolled recursion, resulting in stack overflow.
Error Log
java.lang.StackOverflowError
    at com.jayway.jsonpath.internal.CharacterIndex.subSequence(CharacterIndex.java:286)
    at com.jayway.jsonpath.internal.path.PathCompiler.readPropertyOrFunctionToken(PathCompiler.java:249)
    at com.jayway.jsonpath.internal.path.PathCompiler.readNextToken(PathCompiler.java:153)
    at com.jayway.jsonpath.internal.path.PathCompiler.readBracketPropertyToken(PathCompiler.java:634)
    at com.jayway.jsonpath.internal.path.PathCompiler.readNextToken(PathCompiler.java:137)
    at com.jayway.jsonpath.internal.path.PathCompiler.readPropertyOrFunctionToken(PathCompiler.java:256)
    at com.jayway.jsonpath.internal.path.PathCompiler.readNextToken(PathCompiler.java:153)
    at com.jayway.jsonpath.internal.path.PathCompiler.readBracketPropertyToken(PathCompiler.java:634)
    at com.jayway.jsonpath.internal.path.PathCompiler.readNextToken(PathCompiler.java:137)
    at com.jayway.jsonpath.internal.path.PathCompiler.readPropertyOrFunctionToken(PathCompiler.java:256)
    at com.jayway.jsonpath.internal.path.PathCompiler.readNextToken(PathCompiler.java:153)
    at com.jayway.jsonpath.internal.path.PathCompiler.readBracketPropertyToken(PathCompiler.java:634)
    at com.jayway.jsonpath.internal.path.PathCompiler.readNextToken(PathCompiler.java:137)
    at com.jayway.jsonpath.internal.path.PathCompiler.readPropertyOrFunctionToken(PathCompiler.java:256)
    at com.jayway.jsonpath.internal.path.PathCompiler.readNextToken(PathCompiler.java:153)
    at com.jayway.jsonpath.internal.path.PathCompiler.readBracketPropertyToken(PathCompiler.java:634)
    at com.jayway.jsonpath.internal.path.PathCompiler.readNextToken(PathCompiler.java:137)
    at com.jayway.jsonpath.internal.path.PathCompiler.readPropertyOrFunctionToken(PathCompiler.java:256)
    at com.jayway.jsonpath.internal.path.PathCompiler.readNextToken(PathCompiler.java:153)
    at com.jayway.jsonpath.internal.path.PathCompiler.readBracketPropertyToken(PathCompiler.java:634)
    at com.jayway.jsonpath.internal.path.PathCompiler.readNextToken(PathCompiler.java:137)
    at com.jayway.jsonpath.internal.path.PathCompiler.readPropertyOrFunctionToken(PathCompiler.java:256)
    at com.jayway.jsonpath.internal.path.PathCompiler.readNextToken(PathCompiler.java:153)
    at com.jayway.jsonpath.internal.path.PathCompiler.readBracketPropertyToken(PathCompiler.java:634)
    at com.jayway.jsonpath.internal.path.PathCompiler.readNextToken(PathCompiler.java:137)
    at com.jayway.jsonpath.internal.path.PathCompiler.readPropertyOrFunctionToken(PathCompiler.java:256)
    at com.jayway.jsonpath.internal.path.PathCompiler.readNextToken(PathCompiler.java:153)
    at com.jayway.jsonpath.internal.path.PathCompiler.readBracketPropertyToken(PathCompiler.java:634)
    at com.jayway.jsonpath.internal.path.PathCompiler.readNextToken(PathCompiler.java:137)
Stack Overflow
PoC
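A caller-side guard for applications that accept JSONPath expressions from untrusted input, as an added example that is not part of the original report and not json-path project code. The class name `GuardedJsonPath` and both limits are assumptions; the token count is based on the repeating `readNextToken` frames in the trace above.

```java
import com.jayway.jsonpath.InvalidPathException;
import com.jayway.jsonpath.JsonPath;

/** Added example: pre-parse limits for untrusted JSONPath strings. */
public final class GuardedJsonPath {
    // Assumed limits; set them to the largest expression the application legitimately needs.
    static final int MAX_LENGTH = 512;
    static final int MAX_TOKENS = 64;

    private GuardedJsonPath() {}

    /** Rejects expressions that are too long or contain too many path tokens. */
    static void check(String path) {
        if (path == null || path.isEmpty()) {
            throw new InvalidPathException("empty path");
        }
        if (path.length() > MAX_LENGTH) {
            throw new InvalidPathException("path longer than " + MAX_LENGTH + " characters");
        }
        // The trace shows a new group of parser frames for each bracket or property
        // token, so '[' and '.' are counted as a cheap upper bound on recursion depth.
        int tokens = 0;
        for (int i = 0; i < path.length(); i++) {
            char c = path.charAt(i);
            if ((c == '[' || c == '.') && ++tokens > MAX_TOKENS) {
                throw new InvalidPathException("more than " + MAX_TOKENS + " path tokens");
            }
        }
    }

    /** Compiles an untrusted expression; every rejection surfaces as InvalidPathException. */
    public static JsonPath compile(String untrustedPath) {
        check(untrustedPath);
        try {
            return JsonPath.compile(untrustedPath);
        } catch (StackOverflowError e) {
            // Last-resort containment: turn the Error into an exception the
            // request handler already treats as invalid input.
            throw new InvalidPathException("path nesting too deep");
        }
    }

    public static void main(String[] args) {
        // Constructed sample path, not taken from the report.
        System.out.println(compile("$.store.book[0].title").getPath());
    }
}
```

The pre-check bounds parser recursion before `PathCompiler` runs; the `catch` only keeps a request thread from dying if an expression still gets through on a small thread stack.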