CVE-2023-51074
Java vulnerability analysis and mitigation

Overview

A stack overflow vulnerability was discovered in json-path version 2.8.0, specifically in the Criteria.parse() method. The vulnerability was disclosed on December 27, 2023, and affects the json-path library, which is commonly used for processing JSON data in Java applications (NVD, CVE).

Technical details

The vulnerability occurs due to uncontrolled recursion in the Criteria.parse() method, which can lead to a stack overflow condition. The issue has been assigned a CVSS v3.1 base score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L, indicating that it can be exploited remotely with low attack complexity and requires no privileges or user interaction (NVD).

Impact

When successfully exploited, the vulnerability can cause a denial of service condition through stack overflow, affecting the availability of applications using the vulnerable version of json-path. The impact is primarily limited to availability, with no direct effect on confidentiality or integrity (NVD).

Mitigation and workarounds

Users are advised to upgrade to a newer version of json-path that contains the fix for this vulnerability. The issue has been addressed in subsequent releases after version 2.8.0 (GitHub Issue).
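As an added example (not json-path project code, and not a substitute for the upgrade above), a guard for code paths that must hand untrusted filter expressions to Criteria.parse() while still on 2.8.0; the length cap is an assumed value chosen for illustration:

```java
import com.jayway.jsonpath.Criteria;
import com.jayway.jsonpath.InvalidPathException;

/**
 * Added example, not json-path's own code. Bounds and isolates calls to
 * Criteria.parse() so a single oversized or malformed filter fails closed
 * instead of crashing the calling thread. Upgrading past 2.8.0 is the fix.
 */
public final class SafeCriteria {
    // Assumed bound; tune to the longest legitimate filter your application needs.
    // Deep recursion needs long input, so a cap limits how far parsing can recurse.
    private static final int MAX_CRITERIA_LENGTH = 512;

    private SafeCriteria() {}

    /** Parse untrusted criteria text, converting a crash into a controlled rejection. */
    public static Criteria parseUntrusted(String criteria) {
        if (criteria == null || criteria.length() > MAX_CRITERIA_LENGTH) {
            throw new IllegalArgumentException("filter criteria rejected: missing or too long");
        }
        try {
            return Criteria.parse(criteria);
        } catch (StackOverflowError e) {
            // The uncontrolled recursion in 2.8.0 surfaces as this error; turn it into
            // a normal request failure rather than an unhandled thread death.
            throw new IllegalArgumentException("filter criteria rejected: too complex", e);
        } catch (InvalidPathException e) {
            throw new IllegalArgumentException("filter criteria rejected: invalid", e);
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one ordinary filter and one oversized one.
        String ok = "@.price < 10";
        String oversized = "@.a".repeat(200); // 800 chars, rejected before parsing
        System.out.println(parseUntrusted(ok));
        try {
            parseUntrusted(oversized);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```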

Source: This report was generated using AI.
