vulnerability

Red Hat JBoss EAP: CVE-2023-4043: Improper Input Validation

Severity
5
CVSS
(AV:N/AC:H/Au:N/C:N/I:N/A:C)
Published
Nov 3, 2023
Added
Sep 19, 2024
Modified
Jul 2, 2025

Description

In Eclipse Parsson before versions 1.1.4 and 1.0.5, Parsing JSON from untrusted sources can lead malicious actors to exploit the fact that the built-in support for parsing numbers with large scale in Java has a number of edge cases where the input text of a number can lead to much larger processing time than one would expect.
To mitigate the risk, parsson put in place a size limit for the numbers as well as their scale.. A flaw was found in Eclipse Parsson library when processing untrusted source content. This issue may cause a Denial of Service (DoS) due to built-in support for parsing numbers with a large scale, and some cases where processing a large number may take much more time than expected.

Solution

red-hat-jboss-eap-upgrade-latest
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.