增加ParseConfig，通过增加maxNestingDepth参数避免StackOverflowError问题，修复CVE-2022-45688漏洞

2025-07-21 15:09:48 +08:00 · 2024-01-05 12:36:23 +08:00
parent 69206406d7
commit 30fafaa5de
3 changed files with 35 additions and 7 deletions
--- a/hutool-json/src/test/java/org/dromara/hutool/json/xml/Issue2748Test.java
+++ b/hutool-json/src/test/java/org/dromara/hutool/json/xml/Issue2748Test.java
@@ -0,0 +1,18 @@
+package org.dromara.hutool.json.xml;
+
+import org.dromara.hutool.core.text.StrUtil;
+import org.dromara.hutool.json.JSONException;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.Test;
+
+public class Issue2748Test {
+
+	@Test
+	void toJSONObjectTest() {
+		final String s = StrUtil.repeat("<a>", 600);
+
+		Assertions.assertThrows(JSONException.class, () -> {
+			JSONXMLUtil.toJSONObject(s, ParseConfig.of().setMaxNestingDepth(512));
+		});
+	}
+}