Yubin Li created FLINK-33571:
--------------------------------
Summary: Bump json-path from 2.7.0 to 2.8.0
Key: FLINK-33571
URL: https://issues.apache.org/jira/browse/FLINK-33571
Project: Flink
Issue Type: Bug
Affects Versions: 1.19.0
Reporter: Yubin Li
json-path has critical bugs in 2.7.0 used in flink project, see
[https://github.com/json-path/JsonPath/issues/906.]
the current version is vulnerable to Denial of Service (DoS) due to a
StackOverflowError when parsing a deeply nested JSON array or object, and the
issue has been fixed in 2.8.0.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
