CVE-2022-45688

This repository demonstrates CVE-2022-45688, a stack overflow vulnerability in json.org's XML-to-JSON conversion. It includes a shaded (manually embedded) vulnerable version of json.org and a test case to trigger the crash.

This repository contains a working PoC for CVE-2022-45688, demonstrating a stack overflow vulnerability in the json.org library when processing maliciously crafted XML input. The test case triggers the vulnerability by providing a large repeated XML string, causing a StackOverflowError.

This repository demonstrates a false positive for CVE-2022-45688 in json.org by implementing a sanitization check to prevent stack overflow in XML-to-JSON conversion. It includes scripts for running software composition analyses and a test case to confirm the vulnerability is mitigated.

This repository demonstrates a false positive for CVE-2022-45688 in json.org, showing that static analysis tools may flag the vulnerability even when the input is hardcoded and non-exploitable. It includes a test case to confirm the vulnerability but does not provide a working exploit.

This repository demonstrates a false positive for CVE-2022-45688 in the json.org library. It includes a simple application that does not invoke the vulnerable class, highlighting the difference between metadata-based and callgraph-based software composition analyses.