Alonso Gonzalez created CXF-8435:
------------------------------------
Summary: JsonMapObjectReaderWriter doesn't escape double quotes
Key: CXF-8435
URL: https://issues.apache.org/jira/browse/CXF-8435
Project: CXF
Issue Type: Bug
Components: JAX-RS
Affects Versions: 3.4.1
Reporter: Alonso Gonzalez
Attachments: TestJson.java
JsonMapObjectReaderWriter doesn't escape double quotes in JWT claim values. The
method "toJsonInternal" appends String values without any modifications/checks.
If the value of a claim contains double quotes, it's possible to manipulate the
generated JSON. This is especially problematic if user supplied values are
included.
I've added an example program where the expiration of a JWT is set to 5
minutes. The value of the claim "userInput" is set to
<<a","exp":9999999999,"b":"x>>.
JwsJwtCompactProducer (using JsonMapObjectReaderWriter) generates this JSON
body: \{"exp":1615227615,"additionalClaim":"a","exp":9999999999,"b":"x"}
If the parsing library (like CXF itself) overwrites duplicate claims, the last
occurence of a claim wins.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
