[ https://issues.apache.org/jira/browse/OAK-10769?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17838704#comment-17838704 ]

Fabrizio Fortino commented on OAK-10769:
----------------------------------------

Needed to fix the following vulnerability:
 * *CVE-2023-4043* in version 1.0.0 (CVSS 7.5 High): In Eclipse Parsson before
versions 1.1.4 and 1.0.5, parsing JSON from untrusted sources can lead
malicious actors to exploit the fact that the built-in support for parsing
numbers with large scale in Java has a number of edge cases where the input
text of a number can lead to much larger processing time than one would expect.
To mitigate the risk, Parsson put in place a size limit for the numbers as well
as their scale.

> Bump elasticsearch version to 8.13.2
> ------------------------------------
>
>                 Key: OAK-10769
>                 URL: https://issues.apache.org/jira/browse/OAK-10769
>             Project: Jackrabbit Oak
>          Issue Type: Task
>          Components: search, search-elastic
>            Reporter: Fabrizio Fortino
>            Assignee: Fabrizio Fortino
>            Priority: Major
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)
