Skip to content

JsonCpp is insecure #88

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
lamefun opened this issue Nov 20, 2014 · 4 comments
Closed

JsonCpp is insecure #88

lamefun opened this issue Nov 20, 2014 · 4 comments

Comments

@lamefun
Copy link

lamefun commented Nov 20, 2014

Doesn't allow to set nesting limit and segfaults on deeply nested objects.
@cdunn2001
Copy link
Contributor

The seg-fault is from deep recursion. Could you submit a patch to limit that?

@cinemast
Copy link
Contributor

This is a security issue. It should not be closed that easily. Every application using jsoncpp is vulnerable to DOS attacks.

It has already been discussed and just closed here:
#56

Please don't do that.

@cdunn2001
Copy link
Contributor

We can't easily remove the recursion, but we can easily provide a feature to limit the recursion. Fair enough?

@cdunn2001 cdunn2001 reopened this Feb 10, 2015
@cinemast
Copy link
Contributor

A limit would already solve the problem, yes. Please add a limit.

@cinemast cinemast mentioned this issue Feb 10, 2015
Closed
@cdunn2001 cdunn2001 mentioned this issue Mar 15, 2016
Closed
@perfinion perfinion mentioned this issue Jun 21, 2018
Closed
@mike-malburg mike-malburg mentioned this issue Feb 16, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@lamefun @cdunn2001 @cinemast