41 matches found
CVE-2026-9563
A flaw was found in Eclipse Parsson. The JSON parser did not enforce a default maximum on the number of characters consumed while processing a single JSON document. A remote attacker could exploit this by providing a very large, specially crafted JSON document. This could force applications to...
CVE-2026-9563
In Eclipse Parsson published Maven Central artifacts before version 1.1.8, the JSON parser did not enforce a default maximum on the number of characters consumed while parsing a single JSON document. Applications that parse attacker- controlled JSON can be forced to consume excessive CPU and memo...
CVE-2026-9563
Eclipse Parsson JSON parser did not enforce a default maximum on parsed characters before 1.1.8, allowing DoS from attacker-controlled JSON via very large documents. The fixed version, Parsson 1.1.8, adds a configurable limit with a default of 15 million parser-consumed characters. Affected: Ecli...
CVE-2026-9563
In Eclipse Parsson published Maven Central artifacts before version 1.1.8, the JSON parser did not enforce a default maximum on the number of characters consumed while parsing a single JSON document. Applications that parse attacker- controlled JSON can be forced to consume excessive CPU and memo...
CVE-2026-9563
In Eclipse Parsson published Maven Central artifacts before version 1.1.8, the JSON parser did not enforce a default maximum on the number of characters consumed while parsing a single JSON document. Applications that parse attacker- controlled JSON can be forced to consume excessive CPU and memo...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of enforced limits in the parser when processing JSON input. An attacker can cause excessive CPU and memory consumption by submitting very large or deeply nested JSON...
PT-2026-54936
Name of the Vulnerable Software and Affected Versions Eclipse Parsson versions prior to 1.1.8 Description The JSON parser does not enforce a default maximum on the number of characters consumed when parsing a single JSON document. This allows an attacker to provide specially crafted JSON document...
EUVD-2024-2228
Malicious code in bioql PyPI...
EUVD-2023-2963
Malicious code in bioql PyPI...
CVE-2023-7272
A flaw was found in Eclipse Parsson. A document containing a large depth of nested objects may allow an attacker to cause a Java stack overflow exception, potentially leading to a denial of service...
ai.timefold.solver:timefold-solver-quarkus-jsonb (>=0.9.38 <=1.2.0), ai.timefold.solver:timefold-solver-quarkus-jsonb-deployment (>=0.9.38 <=1.2.0) +2527 more potentially affected by CVE-2023-7272 via org.eclipse.parsson:parsson (>=1.1.0 <=1.1.2)
org.eclipse.parsson:parsson MAVEN version =1.1.0, =0.9.38, =0.9.38, =0.9.38, =22.12.0, =22.11.0, =22.9.0, =24.7.0, =22.5.0, =22.10.0, =22.11.0, =24.7.0 and more Source cves: CVE-2023-7272 Source advisory: OSV:GHSA-2RWM-XV5J-777P...
ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=7.2.0 <=7.4.5), ca.uhn.hapi.fhir:hapi-fhir-cli-app (>=7.2.0 <=7.4.5) +407 more potentially affected by CVE-2023-7272 via org.eclipse.parsson:parsson (>=1.0.0 <=1.0.3)
org.eclipse.parsson:parsson MAVEN version =1.0.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =1.0, =0.3.8, =0.3.0, =0.2.3, =1.1.0, =1.4.2 and more Source cves: CVE-2023-7272 Source advisory: OSV:GHSA-2RWM-XV5J-777P...
GHSA-2RWM-XV5J-777P Eclipse Parsson stack overflow when parsing deeply nested input
In Eclipse Parsson before 1.0.4 and 1.1.3, a document with a large depth of nested objects can allow an attacker to cause a Java stack overflow exception and denial of service. Eclipse Parsson allows processing e.g. parse, generate, transform and query JSON documents...
Eclipse Parsson stack overflow when parsing deeply nested input
In Eclipse Parsson before 1.0.4 and 1.1.3, a document with a large depth of nested objects can allow an attacker to cause a Java stack overflow exception and denial of service. Eclipse Parsson allows processing e.g. parse, generate, transform and query JSON documents...
CVE-2023-7272
In Eclipse Parsson before 1.0.4 and 1.1.3, a document with a large depth of nested objects can allow an attacker to cause a Java stack overflow exception and denial of service. Eclipse Parsson allows processing e.g. parse, generate, transform and query JSON documents...
CVE-2023-7272 Eclipse Parsson stack overflow with deeply nested objects
In Eclipse Parsson before 1.0.4 and 1.1.3, a document with a large depth of nested objects can allow an attacker to cause a Java stack overflow exception and denial of service. Eclipse Parsson allows processing e.g. parse, generate, transform and query JSON documents...
CVE-2023-7272 Eclipse Parsson stack overflow with deeply nested objects
In Eclipse Parsson before 1.0.4 and 1.1.3, a document with a large depth of nested objects can allow an attacker to cause a Java stack overflow exception and denial of service. Eclipse Parsson allows processing e.g. parse, generate, transform and query JSON documents...
CVE-2023-7272
CVE-2023-7272 affects Eclipse Parsson prior to 1.0.4 and 1.1.3, where parsing JSON documents with a deeply nested structure can trigger a Java stack overflow and denial of service. The root cause is extremely nested object depth in JSON processing (parse/generate/transform/query). The CVSS base s...
CVE-2023-7272 Eclipse Parsson stack overflow with deeply nested objects
In Eclipse Parsson before 1.0.4 and 1.1.3, a document with a large depth of nested objects can allow an attacker to cause a Java stack overflow exception and denial of service. Eclipse Parsson allows processing e.g. parse, generate, transform and query JSON documents...
parsson: Denial of Service due to large number parsing
A flaw was found in Eclipse Parsson library when processing untrusted source content. This issue may cause a Denial of Service DoS due to built-in support for parsing numbers with a large scale, and some cases where processing a large number may take much more time than expected...