Throw JsonMappingException for deeply nested JSON (#2816, CVE-2020-36518) #3416

Merged (3 commits) on Mar 22, 2022

Commits on Mar 16, 2022

  1. Throw a checked JsonMappingException instead of an unchecked StackOverflowException as a hotfix for FasterXML#2816, CVE-2020-36518
    TaylorSMarks authored and Taylor Marks committed Mar 16, 2022
    f19edd2

Commits on Mar 17, 2022

  1. Track depth of object being deserialized and abort if it's too deep (arbitrary defined as 256 levels deep) as a hotfix for FasterXML#2816, CVE-2020-36518
    TaylorSMarks authored and Taylor Marks committed Mar 17, 2022
    e7c34bc
  2. Increase the maximum depth from 256 to 1000. Update the unit tests to use 1000 as a depth that's not too deep and 4000 as a depth that is.
    TaylorSMarks authored and Taylor Marks committed Mar 17, 2022
    a6e8fe3