[CXF-4172] Default JAX-RS XML, JSON and Form providers are open to the hash collision attacks - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.3.10, 2.4.7, 2.5.3, 2.6
Component/s: JAX-RS, JAX-RS Security
Labels:
None

Estimated Complexity:
Unknown

Description

Default XML, JSON and Form providers using the Maps internally are open to the hash collision attacks.

This includes JAXBElementProvider and JSONProvider (JAXB-driven), SourceProvider, FormEncodingProvider.

Attachments

Activity

People

Assignee:: Sergey Beryozkin

Reporter:: Sergey Beryozkin

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 09/Mar/12 13:55

Updated:: 23/Apr/12 16:45

Resolved:: 14/Mar/12 17:11