增加ParseConfig,通过增加maxNestingDepth参数避免StackOverflowError问题,修复CVE-2022-45688漏洞

Looly
2024-01-05 12:36:31 +08:00
parent 17d773181e
commit 6a2b585de0
5 changed files with 170 additions and 6 deletions


@@ -0,0 +1,19 @@
package cn.hutool.json.xml;
import cn.hutool.core.util.StrUtil;
import cn.hutool.json.JSONException;
import cn.hutool.json.XML;
import org.junit.Assert;
import org.junit.Test;
public class Issue2748Test {
@Test
public void toJSONObjectTest() {
final String s = StrUtil.repeat("<a>", 600);
Assert.assertThrows(JSONException.class, () -> {
XML.toJSONObject(s, ParseConfig.of().setMaxNestingDepth(512));
});
}
}
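Review bot: The input in `toJSONObjectTest` is 600 opening `<a>` tags that are never closed, so the `JSONException` asserted here could come from the parser rejecting malformed or unclosed XML rather than from the new `maxNestingDepth` guard. The parser is not visible in this section, so that is an inference, but as written the test may pass even if the depth check is removed. Building well-formed input, for example `final String s = StrUtil.repeat("<a>", 600) + StrUtil.repeat("</a>", 600);`, makes the nesting limit the only reason the parse can fail. A companion case that nests below 512 and asserts a successful parse would pin the boundary and catch an off-by-one in the limit. It is also worth confirming what `ParseConfig.of()` uses as its default depth, since callers that parse untrusted XML without setting it get the CVE-2022-45688 protection only if the default is bounded.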