Parsson

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:eclipse:parsson:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorEclipse (fa988180-604e-5c1f-93ea-65b5297000fc)
ProductParsson (ee82b07c-5801-57c4-a291-1e3cbaf561ac)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from purl2cpe mapping

PURL mappings

PURLSourceLast updated
pkg:github/eclipse-ee4j/parsson purl2cpe 2026-06-01 10:15:03.586827
pkg:maven/org.eclipse.parsson/parsson purl2cpe 2026-06-01 10:15:03.586830

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2023-7272 vulnerable 2026-06-03 14:54:00.366011 Eclipse Parsson stack overflow with deeply nested objects
HIGH (8.6)
In Eclipse Parsson before 1.0.4 and 1.1.3, a document with a large depth of nested objects can allow an attacker to cause a Java stack overflow exception and denial of service. Eclipse Parsson allows processing (e.g. parse, generate, transform and query) JSON documents.
Published: 2024-07-17T15:00:20.172Z
Updated: 2024-08-02T08:57:35.165Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-4043 vulnerable 2026-06-03 14:53:27.119732 Parsson DoS when parsing numbers from untrusted sources
MEDIUM (5.9)
In Eclipse Parsson before versions 1.1.4 and 1.0.5, Parsing JSON from untrusted sources can lead malicious actors to exploit the fact that the built-in support for parsing numbers with large scale in Java has a number of edge cases where the input text of a number can lead to much larger processing time than one would expect. To mitigate the risk, parsson put in place a size limit for the numbers as well as their scale.
Published: 2023-11-03T08:11:39.563Z
Updated: 2024-09-05T14:31:17.127Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.