CVE-2023-7272

In Eclipse Parsson before 1.0.4 and 1.1.3, a document with a large depth of nested objects can allow an attacker to cause a Java stack overflow exception and denial of service. Eclipse Parsson allows processing (e.g. parse, generate, transform and query) JSON documents.

Published: Jul 17, 2024
Updated: May 4, 2025
CVE: CVE-2023-7272
GHSA: GHSA-2rwm-xv5j-777p
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
org.eclipse.parsson / parsson	1.1.0	1.1.3
org.eclipse.parsson / parsson	-	1.0.4
eclipse / parsson	-	1.0.4
eclipse / parsson	1.1.0	1.1.3

https://github.com/eclipse-ee4j/parsson/commit/755d2a86dff74fecc4114fbe7d21e071380c4e45
https://github.com/eclipse-ee4j/parsson/commit/d0ec79badd44a940c82842954430762a2199f4e1
https://github.com/eclipse-ee4j/parsson/issues/91
https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/12

Vulnerability Database

289,599

CVE-2023-7272