CVE-2018-18855 – io.spray:spray-json
Package
Manager: maven
Name: io.spray:spray-json
Vulnerable Version: >=0 <1.3.5
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
EPSS: N/A (percentile: N/A)
Details
Uncontrolled Resource Consumption in Spray JSON. Recursive descent parsers are susceptible to StackOverflowExceptions on too deeply nested structures, as currently "open" parsing state is kept on the stack.
Metadata
Created: 2022-06-28T23:23:20Z
Modified: 2022-06-28T23:23:20Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/06/GHSA-ww3v-6xjf-jv28/GHSA-ww3v-6xjf-jv28.json
CWE IDs: ["CWE-400"]
Alternative ID: GHSA-ww3v-6xjf-jv28
Finding: F067
Auto approve: 1