CVE-2023-34613: 
Java vulnerability analysis and mitigation

An issue was discovered in sojo through version 1.1.1 that allows attackers to cause a denial of service or other unspecified impacts via crafted objects that use cyclic dependencies. The vulnerability was assigned CVE-2023-34613 and was disclosed on June 14, 2023 (NVD).

The vulnerability is related to stack overflow errors that occur when parsing untrusted JSON strings. When processing deeply nested arrays or JSON objects with cyclic dependencies, the parser can crash due to stack overflow. This is demonstrated by a proof of concept that creates a JSON document with excessive nesting depth of 9999 levels (GitHub Issue). The vulnerability has been assigned a CVSS v3.1 base score of 7.5 HIGH with vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can be exploited to cause denial of service conditions by causing the parser to crash when processing maliciously crafted input. This affects the availability of systems using the vulnerable sojo library versions (NVD).

Recommended mitigations include adding depth tracking to limit nesting levels (similar to jackson-databind) or changing recursive processing to use stack+iteration processing (similar to GSON's approach). Users should upgrade to fixed versions when available (GitHub Issue).