zhouxy108/hutool
1
0
Fork 0
mirror of https://gitee.com/chinabugotech/hutool.git synced 2025-08-18 20:38:02 +08:00
Code Issues Packages Projects Releases Wiki Activity

增加ParseConfig,通过增加maxNestingDepth参数避免StackOverflowError问题,修复CVE-2022-45688漏洞

Browse Source
This commit is contained in:
Looly
2024-01-05 12:36:31 +08:00
parent 17d773181e
commit 6a2b585de0
5 changed files with 170 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
hutool-json/src/test/java/cn/hutool/json/xml/Issue2748Test.java Normal file
View File

@@ -0,0 +1,19 @@
package cn.hutool.json.xml;
import cn.hutool.core.util.StrUtil;
import cn.hutool.json.JSONException;
import cn.hutool.json.XML;
import org.junit.Assert;
import org.junit.Test;
public class Issue2748Test {
@Test
public void toJSONObjectTest() {
final String s = StrUtil.repeat("<a>", 600);
Assert.assertThrows(JSONException.class, () -> {
XML.toJSONObject(s, ParseConfig.of().setMaxNestingDepth(512));
});
}
}