Skip to content

CVE-2026-9563: org.eclipse.parsson:parsson:jar:1.1.7:runtime #83

Description

@github-actions

Summary

In Eclipse Parsson published Maven Central artifacts before version 1.1.8, the JSON parser did not enforce a default maximum on the number of characters consumed while parsing a single JSON document. Applications that parse attacker- controlled JSON can be forced to consume excessive CPU and memory by processing very large documents, including large arrays, objects, strings, numbers, whitespace, or nested structures, resulting in a denial of service. Eclipse Parsson 1.1.8 introduces a configurable maximum parsing limit with a default limit of 15 million parser-consumed characters.

CVE: CVE-2026-9563
CWE: CWE-400

References

Metadata

Metadata

Assignees

No one assigned

    Labels

    securitySecurity related change

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions