VYPR

Maven package

io.spray/spray-json_2.10

pkg:maven/io.spray/spray-json_2.10

Vulnerabilities (3)

  • CVE-2018-18855medJun 28, 2022
    affected < 1.3.5fixed 1.3.5

    Recursive decent parsers are susceptible too StackOverflowExceptions on too deeply nested structures as currently "open" parsing state is kept on the stack.

  • CVE-2018-18854Oct 31, 2018
    affected < 1.3.5fixed 1.3.5

    Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service (resource consumption) because of Algorithmic Complexity during the parsing of many JSON object fields (with keys that have the same hash code).

  • CVE-2018-18853Oct 31, 2018
    affected < 1.3.5fixed 1.3.5

    Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service (resource consumption) because of Algorithmic Complexity during the parsing of a field composed of many decimal digits.