Uncontrolled Resource Consumption in Spray JSON · CVE-2018-18855 · GitHub Advisory Database · GitHub

Uncontrolled Resource Consumption in Spray JSON

Moderate severity GitHub Reviewed Published Jun 28, 2022 to the GitHub Advisory Database • Updated Jan 12, 2023

Package

io.spray:spray-json (Maven)

Affected versions

< 1.3.5

Patched versions

1.3.5

Description

Recursive decent parsers are susceptible too StackOverflowExceptions on too deeply nested structures as currently "open" parsing state is kept on the stack.

References

Published to the GitHub Advisory Database Jun 28, 2022

Reviewed Jun 28, 2022

Last updated Jan 12, 2023