You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@calcite.apache.org by "Yubin Li (Jira)" <ji...@apache.org> on 2023/11/17 09:17:00 UTC

[jira] [Created] (CALCITE-6124) Upgrade json-path version to 2.8.0

Yubin Li created CALCITE-6124:
---------------------------------

             Summary: Upgrade json-path version to 2.8.0
                 Key: CALCITE-6124
                 URL: https://issues.apache.org/jira/browse/CALCITE-6124
             Project: Calcite
          Issue Type: Bug
          Components: core
            Reporter: Yubin Li


json-path has critical bugs in 2.7.0 used in Caclite project, see [https://github.com/json-path/JsonPath/issues/906]

cve: [https://www.cve.org/CVERecord?id=CVE-2023-1370]

the current version is vulnerable to Denial of Service (DoS) due to a StackOverflowError when parsing a deeply nested JSON array or object, and the issue has been fixed in 2.8.0.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)