[CALCITE-6124] Upgrade json-path version to 2.8.0 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.37.0
Component/s: core
Labels:
- pull-request-available

Description

json-path has critical bugs in 2.7.0 used in Caclite project, see https://github.com/json-path/JsonPath/issues/906

cve: https://www.cve.org/CVERecord?id=CVE-2023-1370

the current version is vulnerable to Denial of Service (DoS) due to a StackOverflowError when parsing a deeply nested JSON array or object, and the issue has been fixed in 2.8.0.

We should bump to to the latest version to resolve it.

Attachments

Issue Links

links to

GitHub Pull Request #3532

Activity

People

Assignee:: Yubin Li

Reporter:: Yubin Li

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 17/Nov/23 09:16

Updated:: 06/May/24 22:19

Resolved:: 17/Nov/23 13:45