Sounds like SQL injection, actually more like a JSON injection… As if it’s trying to concatenate the input directly inside the value of a JSON dictionary, without proper escaping and/or encoding (base64 or hex, for example).
Possibly the input is being stored for user history (and, therefore, auto completion) purposes? Be it or not, something JSON-related is taking place here, from a kernel level or sufficiently deep so to cause a kernel crash (and rebooting).
(Sorry for jargons, I’m a developer seeing this issue through a developer lens)
Yeah, since the last character can be anything, it certainly seems JSON-related. If it wasn’t, SQL could be on the table (“”::<input> is how you convert types).
Good eye. I find it incredibly odd that JSON would be involved in any way here, but that does seem like a logical idea.
Sounds like SQL injection, actually more like a JSON injection… As if it’s trying to concatenate the input directly inside the value of a JSON dictionary, without proper escaping and/or encoding (base64 or hex, for example).
Possibly the input is being stored for user history (and, therefore, auto completion) purposes? Be it or not, something JSON-related is taking place here, from a kernel level or sufficiently deep so to cause a kernel crash (and rebooting).
(Sorry for jargons, I’m a developer seeing this issue through a developer lens)
Yeah, since the last character can be anything, it certainly seems JSON-related. If it wasn’t, SQL could be on the table (“”::<input> is how you convert types).
Good eye. I find it incredibly odd that JSON would be involved in any way here, but that does seem like a logical idea.