Vulnerability Details CVE-2023-4043
In Eclipse Parsson before versions 1.1.4 and 1.0.5, Parsing JSON from untrusted sources can lead malicious actors to exploit the fact that the built-in support for parsing numbers with large scale in Java has a number of edge cases where the input text of a number can lead to much larger processing time than one would expect.
To mitigate the risk, parsson put in place a size limit for the numbers as well as their scale.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 13.2%
CVSS Severity
CVSS v3 Score 5.9
References
Products affected by CVE-2023-4043
-
cpe:2.3:a:eclipse:parsson:-
-
cpe:2.3:a:eclipse:parsson:1.0.0
-
cpe:2.3:a:eclipse:parsson:1.0.1
-
cpe:2.3:a:eclipse:parsson:1.0.2
-
cpe:2.3:a:eclipse:parsson:1.0.3
-
cpe:2.3:a:eclipse:parsson:1.0.4
-
cpe:2.3:a:eclipse:parsson:1.1.0
-
cpe:2.3:a:eclipse:parsson:1.1.1
-
cpe:2.3:a:eclipse:parsson:1.1.2
-
cpe:2.3:a:eclipse:parsson:1.1.3