Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-8434

JsonMapObjectReaderWriter doesn't escape double quotes

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Duplicate
    • 3.4.1
    • None
    • JAX-RS
    • None
    • Unknown

    Description

      JsonMapObjectReaderWriter doesn't escape double quotes when writing String values. The writer appends values using 'out.append(value.toString());' without any checks.

      If the value of a JWT claim contains double quotes, it's possible to manipulate the serialized JSON. This is especially problematic if user supplied values are part of the JWT.

       

      I've added an example program where the expiration of a token is set 5 minutes and a second claim named "additionalClaim" has the value: <<a","exp":9999999999,"b":"x>>

      JsonMapObjectReaderWriter serializes this as:

      {"exp":1615227615,"additionalClaim":"a","exp":9999999999,"b":"x"}

      If the used JWT parser (like CXF itself) implements a "last key occurence wins" strategy. The expiration of the parsed JWT will be 9999999999.

       

       

      Thus, if a 

      Attachments

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. CXF-8435 JsonMapObjectReaderWriter doesn't escape double quotes

          • Major - Major loss of function.
          • Closed

          Activity

            People

              Unassigned Unassigned
              a.gonzalez Alonso Gonzalez
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: