Skip to main content

Eclipse Parsson

1 CVEs product

Monthly

CVE-2026-9563 HIGH This Week

Denial of service in Eclipse Parsson before 1.1.8 lets remote unauthenticated attackers exhaust CPU and memory on any application that parses attacker-controlled JSON. Because the parser enforced no default cap on characters consumed per document, a single oversized payload - large arrays, strings, numbers, deep nesting, or whitespace - can hang or crash the service. No public exploit is identified at time of analysis; the fix (1.1.8) adds a configurable default limit of 15 million parser-consumed characters.

Denial Of Service Eclipse Parsson
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Eclipse Parsson before 1.1.8 lets remote unauthenticated attackers exhaust CPU and memory on any application that parses attacker-controlled JSON. Because the parser enforced no default cap on characters consumed per document, a single oversized payload - large arrays, strings, numbers, deep nesting, or whitespace - can hang or crash the service. No public exploit is identified at time of analysis; the fix (1.1.8) adds a configurable default limit of 15 million parser-consumed characters.

Denial Of Service Eclipse Parsson
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy