spray-json is vulnerable to denial of service. The vulnerability exists due to the uncontrolled recursion used in the JsonParser
in the parseJsValue
function of JsonParser.scala
, allowing an attacker to crash the application by providing a deeply nested JSON
object.