Skip to content

[PLUGIN-1904] Fix: Vulnerability for json_version #312

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
AbhishekKumar9984 merged 1 commit into from
Aug 12, 2025
Merged

[PLUGIN-1904] Fix: Vulnerability for json_version #312

AbhishekKumar9984 merged 1 commit into from
Aug 12, 2025

Conversation

@AbhishekKumar9984
Copy link
Contributor

@AbhishekKumar9984 AbhishekKumar9984 commented Jul 17, 2025
edited
Loading

Issue:
Addressed Denial of Service (DoS) vulnerabilities in the org.json:json library and related components. JSON-Java versions up to and including 20230618 contained a parser bug allowing modestly sized input to cause excessive memory consumption. Additionally, a stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 and org.json:json versions prior to 20231013 allowed attackers to exploit crafted JSON or XML data to trigger DoS.

Root Cause :
Insufficient validation and resource management in the parser enabled malicious input to exhaust system memory or cause stack overflows.

Fix : Upgraded org.json:json to a secure version (20231013) .

JIRA Ticket : https://cdap.atlassian.net/browse/PLUGIN-1904

@AnkitCLI AnkitCLI added the build label Jul 17, 2025
@AbhishekKumar9984 AbhishekKumar9984 force-pushed the json-version-04 branch 2 times, most recently from b0882ae to d60e9e1 Compare August 8, 2025 16:09
@AbhishekKumar9984 @vikasrathee-cs
Fix: Vulnerability issues
df6fdcc 
avro-version

fixes

fixes

patch fix

fixes
sgarg-CS
sgarg-CS approved these changes Aug 12, 2025
View reviewed changes
Copy link
Contributor

@sgarg-CS sgarg-CS left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@AbhishekKumar9984 AbhishekKumar9984 merged commit ffd0f1c into data-integrations:develop Aug 12, 2025
5 checks passed
@sgarg-CS sgarg-CS changed the title Fix: Vulnerability for json_version [PLUGIN-1904] Fix: Vulnerability for json_version Aug 12, 2025
@sgarg-CS sgarg-CS mentioned this pull request Aug 12, 2025
Merged
@Krish-cloudsufi Krish-cloudsufi mentioned this pull request Dec 9, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@minurajeeve minurajeeve minurajeeve approved these changes

@vikasrathee-cs vikasrathee-cs vikasrathee-cs approved these changes

@sgarg-CS sgarg-CS sgarg-CS approved these changes

@MrRahulSharma MrRahulSharma Awaiting requested review from MrRahulSharma

Assignees

No one assigned

Labels

build

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@AbhishekKumar9984 @minurajeeve @vikasrathee-cs @sgarg-CS @AnkitCLI