hjson-cs
hjson-cs vulnerable to denial of service
Summary
In hjson-cs, a crafted JSON string could lead to a denial-of-service (DoS) attack.
Description
Using hjson to interpret untrusted JSON strings could expose an application to significant security risks, specifically denial-of-service (DoS) attacks. The vulnerability arises when the parser operates on input provided by users, which malicious actors could manipulate. They could craft content designed to trigger an OutOfBoundsException error, leading to a system crash. This not only disrupts normal operations but also opens up opportunities for further exploitation. There is a similar vulnerability. The relevant code is in file1
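Until a fixed release is in place, callers can keep a parser fault from taking down the process by parsing untrusted input behind a guard at the trust boundary. The following is an added example, not the project's fix or code from this advisory; the class name `UntrustedHjson`, the size limit and the sample inputs are assumptions made for illustration.

```csharp
using System;
using Hjson;

public static class UntrustedHjson
{
    // Constructed limit for this example; size it to the largest document you expect.
    private const int MaxInputChars = 64 * 1024;

    // Returns true and sets 'value' only when the input parsed cleanly.
    // Any exception raised inside the parser is converted into a rejected request.
    public static bool TryParse(string input, out JsonValue value, out string error)
    {
        value = null;
        error = null;

        if (input == null) { error = "input is null"; return false; }
        if (input.Length > MaxInputChars) { error = "input exceeds size limit"; return false; }

        try
        {
            value = HjsonValue.Parse(input);
            return true;
        }
        catch (Exception ex) when (!(ex is OutOfMemoryException))
        {
            // Covers ordinary syntax errors as well as runtime faults such as
            // out-of-range indexing inside the parser.
            error = ex.GetType().Name + ": " + ex.Message;
            return false;
        }
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed inputs: one well-formed document, one cut off mid-string.
        string[] samples = { "{ name: demo, port: 8080 }", "{ \"name\": \"de" };
        foreach (string s in samples)
        {
            bool ok = UntrustedHjson.TryParse(s, out JsonValue v, out string err);
            Console.WriteLine(ok ? "accepted: " + v.ToString() : "rejected: " + err);
        }
    }
}
```

Log the `error` string server-side and return a generic client error to the caller. The guard contains the crash but does not remove the defect, so upgrading to a patched version is still required.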
Patch
The fix logic can be similar to this