Medium severity · GHSA Advisory · Published Jun 28, 2022 · Updated Sep 30, 2025

Uncontrolled Resource Consumption in Spray JSON

CVE-2018-18855

Description

Recursive descent parsers are susceptible to StackOverflowExceptions on too deeply nested structures, as the currently "open" parsing state is kept on the stack.
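
An added example, not part of the advisory or of spray-json's code: one way to reject over-nested input before it reaches a recursive descent parser is an iterative depth scan that keeps its state in a counter instead of on the call stack. The names `JsonDepthGuard` and `withinDepth`, the limit of 64, and the sample inputs are assumptions constructed for illustration.

```scala
// Added example (not spray-json code): iterative pre-parse nesting check.
object JsonDepthGuard {

  /** True if `input` never opens more than `maxDepth` nested arrays/objects.
    * A loop and a counter are used, so the check itself needs constant stack,
    * however deep the input nests. Brackets inside string literals are ignored.
    * This is only a depth gate; it does not validate the JSON. */
  def withinDepth(input: String, maxDepth: Int): Boolean = {
    var depth = 0
    var inString = false
    var escaped = false
    var i = 0
    while (i < input.length) {
      val c = input.charAt(i)
      if (inString) {
        if (escaped) escaped = false          // character after a backslash
        else if (c == '\\') escaped = true    // start of an escape sequence
        else if (c == '"') inString = false   // closing quote
      } else {
        c match {
          case '"' => inString = true
          case '[' | '{' =>
            depth += 1
            if (depth > maxDepth) return false // reject before any parser runs
          case ']' | '}' =>
            if (depth > 0) depth -= 1          // malformed input is left to the parser
          case _ => ()
        }
      }
      i += 1
    }
    true
  }

  def main(args: Array[String]): Unit = {
    val maxDepth = 64 // assumed limit; pick one that fits the application's data
    // Constructed inputs: one deeply nested, one shallow with brackets in a string.
    val nested  = ("[" * 100000) + ("]" * 100000)
    val shallow = """{"note": "[[[[ not structure", "v": [1, {"a": []}]}"""
    println(s"nested accepted:  ${withinDepth(nested, maxDepth)}")
    println(s"shallow accepted: ${withinDepth(shallow, maxDepth)}")
  }
}
```

Input that fails the check can be rejected with an ordinary error response instead of being handed to the parser.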

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
| --- | --- | --- |
| io.spray:spray-json_2.10 (Maven) | < 1.3.5 | 1.3.5 |
| io.spray:spray-json_2.11 (Maven) | < 1.3.5 | 1.3.5 |
| io.spray:spray-json_2.11.0-RC4 (Maven) | >= 0 | |
| io.spray:spray-json_2.12 (Maven) | < 1.3.5 | 1.3.5 |
| io.spray:spray-json_2.12.0-M3 (Maven) | >= 0 | |
| io.spray:spray-json_2.12.0-M5 (Maven) | >= 0 | |
| io.spray:spray-json_2.12.0-RC1 (Maven) | >= 0 | |
| io.spray:spray-json_2.12.0-RC2 (Maven) | >= 0 | |
| io.spray:spray-json_2.13.0-M2 (Maven) | >= 0 | |
| io.spray:spray-json_2.13.0-M4 (Maven) | >= 0 | |
| io.spray:spray-json_2.13.0-M5 (Maven) | < 1.3.5 | 1.3.5 |
| io.spray:spray-json_2.9.3 (Maven) | >= 0 | |
