In Eclipse Parsson before 1.0.4 and 1.1.3, a document with a large depth of nested objects can allow an attacker to cause a Java stack overflow exception and denial of service. Eclipse Parsson allows processing (e.g. parse, generate, transform and query) JSON documents.

Affected Packages

Maven org.eclipse.parsson:parsson

Affected versions: 1.1.0 (fixed in 1.1.3)

Maven org.eclipse.parsson:parsson

Affected versions: 0 (fixed in 1.0.4)

Related CVEs

CVE-2023-7272

Key Information

GHSA ID

GHSA-2rwm-xv5j-777p

Published

July 17, 2024 3:30 PM

Last Modified

November 18, 2024 4:26 PM

CVSS Score

9.0 /10

Primary Ecosystem

Maven

Primary Package

org.eclipse.parsson:parsson

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 9, 2025 6:27 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.