{"uuid": "60f0b9cc-c6fd-4c23-a354-9801ced76e4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-4JQ9-2XHW-JPX7", "type": "seen", "source": "https://t.me/arpsyndicate/362", "content": "#ExploitObserverAlert\n\nGHSA-4jq9-2xhw-jpx7\n\nDESCRIPTION: Exploit Observer has 2 entries related to GHSA-4JQ9-2XHW-JPX7. A denial of service vulnerability in JSON-Java was discovered by ClusterFuzz.  A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used. There are two issues: (1) the parser bug can be used to circumvent a check that is supposed to prevent the key in a JSON object from itself being another JSON object; (2) if a key does end up being a JSON object then it gets converted into a string, using \\ to escape special characters, including \\ itself. So by nesting JSON objects, with a key that is a JSON object that has a key that is a JSON object, and so on, we can get an exponential number of \\ characters in the escaped string.", "creation_timestamp": "2023-11-22T17:42:16.000000Z"}