You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Stack overflow error caused by jjson serialization Map
Description
jjson before v0.1.7 was discovered to contain a stack overflow via the map parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.
Error Log
Exception in thread "main" java.lang.StackOverflowError
at de.grobmeier.jjson.shaded.org.apache.commons.lang3.text.translate.AggregateTranslator.translate(AggregateTranslator.java:52)
at de.grobmeier.jjson.shaded.org.apache.commons.lang3.text.translate.AggregateTranslator.translate(AggregateTranslator.java:52)
at de.grobmeier.jjson.shaded.org.apache.commons.lang3.text.translate.CharSequenceTranslator.translate(CharSequenceTranslator.java:87)
at de.grobmeier.jjson.shaded.org.apache.commons.lang3.text.translate.CharSequenceTranslator.translate(CharSequenceTranslator.java:61)
at de.grobmeier.jjson.shaded.org.apache.commons.lang3.StringEscapeUtils.escapeJava(StringEscapeUtils.java:456)
at de.grobmeier.jjson.convert.JSONAnnotationEncoder.encodeString(JSONAnnotationEncoder.java:286)
at de.grobmeier.jjson.convert.JSONAnnotationEncoder.encodeMap(JSONAnnotationEncoder.java:149)
at de.grobmeier.jjson.convert.JSONAnnotationEncoder.encode(JSONAnnotationEncoder.java:101)
at de.grobmeier.jjson.convert.JSONAnnotationEncoder.encodeMap(JSONAnnotationEncoder.java:151)
at de.grobmeier.jjson.convert.JSONAnnotationEncoder.encode(JSONAnnotationEncoder.java:101)
at de.grobmeier.jjson.convert.JSONAnnotationEncoder.encodeMap(JSONAnnotationEncoder.java:151)
at de.grobmeier.jjson.convert.JSONAnnotationEncoder.encode(JSONAnnotationEncoder.java:101)
at de.grobmeier.jjson.convert.JSONAnnotationEncoder.encodeMap(JSONAnnotationEncoder.java:151)
at de.grobmeier.jjson.convert.JSONAnnotationEncoder.encode(JSONAnnotationEncoder.java:101)
at de.grobmeier.jjson.convert.JSONAnnotationEncoder.encodeMap(JSONAnnotationEncoder.java:151)
at de.grobmeier.jjson.convert.JSONAnnotationEncoder.encode(JSONAnnotationEncoder.java:101)
at de.grobmeier.jjson.convert.JSONAnnotationEncoder.encodeMap(JSONAnnotationEncoder.java:151)
at de.grobmeier.jjson.convert.JSONAnnotationEncoder.encode(JSONAnnotationEncoder.java:101)
at de.grobmeier.jjson.convert.JSONAnnotationEncoder.encodeMap(JSONAnnotationEncoder.java:151)
at de.grobmeier.jjson.convert.JSONAnnotationEncoder.encode(JSONAnnotationEncoder.java:101)
at de.grobmeier.jjson.convert.JSONAnnotationEncoder.encodeMap(JSONAnnotationEncoder.java:151)
at de.grobmeier.jjson.convert.JSONAnnotationEncoder.encode(JSONAnnotationEncoder.java:101)
at de.grobmeier.jjson.convert.JSONAnnotationEncoder.encodeMap(JSONAnnotationEncoder.java:151)
at de.grobmeier.jjson.convert.JSONAnnotationEncoder.encode(JSONAnnotationEncoder.java:101)
at de.grobmeier.jjson.convert.JSONAnnotationEncoder.encodeMap(JSONAnnotationEncoder.java:151)
at de.grobmeier.jjson.convert.JSONAnnotationEncoder.encode(JSONAnnotationEncoder.java:101)
at de.grobmeier.jjson.convert.JSONAnnotationEncoder.encodeMap(JSONAnnotationEncoder.java:151)
at de.grobmeier.jjson.convert.JSONAnnotationEncoder.encode(JSONAnnotationEncoder.java:101)
at de.grobmeier.jjson.convert.JSONAnnotationEncoder.encodeMap(JSONAnnotationEncoder.java:151)
at de.grobmeier.jjson.convert.JSONAnnotationEncoder.encode(JSONAnnotationEncoder.java:101)
at de.grobmeier.jjson.convert.JSONAnnotationEncoder.encodeMap(JSONAnnotationEncoder.java:151)
at de.grobmeier.jjson.convert.JSONAnnotationEncoder.encode(JSONAnnotationEncoder.java:101)
at de.grobmeier.jjson.convert.JSONAnnotationEncoder.encodeMap(JSONAnnotationEncoder.java:151)
Refer to the solution of jackson-databind: Add the depth variable to record the current parsing depth. If the parsing depth exceeds a certain threshold, an exception is thrown. (FasterXML/jackson-databind@fcfc499)
Stack overflow error caused by jjson serialization Map
Description
jjson before v0.1.7 was discovered to contain a stack overflow via the map parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.
Error Log
PoC
Rectification Solution
Refer to the solution of jackson-databind: Add the depth variable to record the current parsing depth. If the parsing depth exceeds a certain threshold, an exception is thrown. (FasterXML/jackson-databind@fcfc499)
Refer to the GSON solution: Change the recursive processing on deeply nested arrays or JSON objects to stack+iteration processing.((google/gson@2d01d6a20f39881c692977564c1ea591d9f39027))
References
The text was updated successfully, but these errors were encountered: