
GHSA-gcg6-xv4f-f749: janino vulnerable to denial of service due to stack overflow

janino 3.1.9 and earlier is subject to denial of service (DoS) attacks when using the expression evaluator's guess-parameter-names method (`ExpressionEvaluator.guessParameterNames`). If the parser runs on user-supplied input, an attacker could supply content that causes the parser to crash due to a stack overflow.


Severity: Moderate (GitHub Reviewed)
Published: Jun 1, 2023 to the GitHub Advisory Database
Updated: Jun 6, 2023
Package: org.codehaus.janino:janino-parent (Maven)
Affected versions: <= 3.1.9

Related news

CVE-2023-33546: A Stack overflow error · Issue #201 · janino-compiler/janino

