CVE-2023-33546 Information

Description

janino 3.1.9 and earlier are subject to denial of service (DOS) attacks when using the expression evaluator.guess parameter name method. If the parser runs on user-supplied input an attacker could supply content that causes the parser to crash due to a stack overflow.

Reference

https://github.com/janino-compiler/janino/issues/201