CVE-2018-18853
HIGH7.5EPSS 0.84%Uncontrolled Resource Consumption in spray-json when parsing decimal digit fields
發布日:2018/11/9修改日:2023/11/8
描述
Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service (resource consumption) because of Algorithmic Complexity during the parsing of a field composed of many decimal digits.
受影響套件(3)
- Maven/io.spray:spray-json_2.10from 0, < 1.3.5
- Maven/io.spray:spray-json_2.11from 0, < 1.3.5
- Maven/io.spray:spray-json_2.12from 0, < 1.3.5
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |