dxbjavid opened a new pull request, #3167: URL: https://github.com/apache/cxf/pull/3167
Found while fuzzing toJson/fromJson round-trips. escapeJson looked only at the single char before a " or \ to decide it was already escaped, so a value holding a complete escaped-backslash pair (\\) followed by a quote left that quote raw and broke out of its JSON string, letting a string value inject sibling members. Consume a backslash together with the char it escapes in one pass, so any leftover raw quote or backslash is always escaped while existing sequences are kept. Same single-char-lookback flaw as the reader fix in #3140. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
