Uncontrolled Recursion in org.codehaus.jettison:jettison
CVE-2023-1436
- org.codehaus.jettison:jettison
Summary
An infinite recursion is triggered in Jettison prior to 1.5.4 when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.
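- Attack Complexity: LOW
- Attack Vector: NETWORK
- Privileges Required: NONE
- Scope: UNCHANGED
- User Interaction: NONE
- Confidentiality: NONE
- Integrity: NONE
- Availability: HIGH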
CWE-674 - Uncontrolled Recursion
The product does not properly control the amount of recursion which takes place, consuming excessive resources, such as allocated memory or the program stack.
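As an added example (not Jettison's code and not its fix), this is a pre-check a caller could run on a Collection before handing it to a recursive converter such as the JSONArray constructor named in the summary. `CycleGuard`, `isSafeToSerialize` and the `MAX_DEPTH` value are hypothetical names and assumptions; only the JDK is used.

```java
import java.util.*;

// Added example: rejects self-referencing or overly deep Collection/Map graphs
// before they reach a recursive JSON converter. All names here are hypothetical.
public class CycleGuard {
    static final int MAX_DEPTH = 64; // assumed limit, tune per application

    /** Returns true if the nested Collections/Maps are acyclic and within MAX_DEPTH. */
    public static boolean isSafeToSerialize(Object root) {
        // Identity semantics are required: hashCode()/equals() on a cyclic
        // List would themselves recurse until the stack overflows.
        Set<Object> onPath = Collections.newSetFromMap(new IdentityHashMap<>());
        return walk(root, onPath, 0);
    }

    private static boolean walk(Object node, Set<Object> onPath, int depth) {
        Iterable<?> children;
        if (node instanceof Collection) {
            children = (Collection<?>) node;
        } else if (node instanceof Map) {
            children = ((Map<?, ?>) node).values();
        } else {
            return true; // scalar leaf, nothing to recurse into
        }
        if (depth >= MAX_DEPTH || !onPath.add(node)) {
            return false; // too deep, or the node is its own ancestor
        }
        for (Object child : children) {
            if (!walk(child, onPath, depth + 1)) {
                return false;
            }
        }
        onPath.remove(node); // shared but non-cyclic references stay legal
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        List<Object> nested = new ArrayList<>(Arrays.asList(1, "a", Arrays.asList(2, 3)));
        List<Object> cyclic = new ArrayList<>();
        cyclic.add("x");
        cyclic.add(cyclic); // element refers back to its own container

        System.out.println("nested safe: " + isSafeToSerialize(nested));
        System.out.println("cyclic safe: " + isSafeToSerialize(cyclic));
    }
}
```

The guard tracks only the containers on the current path, so the same list appearing twice as a sibling is accepted while a list that contains itself at any depth is rejected.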
References
Advisory Timeline
- Published