Affects Version/s: None
Fix Version/s: 220.127.116.11
Lucee's JSON parsing is allowing strings that are not valid JSON.
Adobe CF correctly returns false and throws an error on the last line. Lucee returns true and evaluates it as a CFML expression, "deserializing" it into 0.000297619048.
There are two issues with this:
- That string is not valid JSON in the first place. A valid JSON string should be encased in double quotes.
- Even if Lucee tried to treat it as a number, arithmetic operators are not allowed, just numbers.
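Both points follow from the JSON grammar in RFC 8259. The sketch below is an added example, not part of the original report and not Lucee's or Adobe's code: a strict validator in Python (chosen so it runs anywhere; the function names are hypothetical) that accepts only RFC 8259 values and therefore rejects unquoted strings and arithmetic expressions.

```python
import re

# RFC 8259 token grammars: a number has no operators, a string is double-quoted.
_NUMBER = re.compile(r'-?(?:0|[1-9]\d*)(?:\.\d+)?(?:[eE][+-]?\d+)?')
_STRING = re.compile(r'"(?:[^"\\\x00-\x1f]|\\(?:["\\/bfnrt]|u[0-9a-fA-F]{4}))*"')
_LITERAL = re.compile(r'true|false|null')
_WS = re.compile(r'[ \t\n\r]*')

def _skip(s, i):
    return _WS.match(s, i).end()

def _value(s, i):
    """Return the index just past one JSON value at i, or raise ValueError."""
    i = _skip(s, i)
    if s[i:i + 1] == '[':
        return _sequence(s, i + 1, ']', _value)
    if s[i:i + 1] == '{':
        return _sequence(s, i + 1, '}', _member)
    for token in (_STRING, _NUMBER, _LITERAL):
        m = token.match(s, i)
        if m:
            return m.end()
    raise ValueError(f'not a JSON value at offset {i}')

def _member(s, i):
    """One object member: a quoted name, a colon, then a value."""
    m = _STRING.match(s, _skip(s, i))
    if not m or s[_skip(s, m.end()):][:1] != ':':
        raise ValueError('object member must be "name": value')
    return _value(s, _skip(s, m.end()) + 1)

def _sequence(s, i, close, item):
    """Comma-separated items up to the closing bracket; no trailing comma."""
    i = _skip(s, i)
    if s[i:i + 1] == close:
        return i + 1
    while True:
        i = _skip(s, item(s, i))
        if s[i:i + 1] == close:
            return i + 1
        if s[i:i + 1] != ',':
            raise ValueError(f'expected "," or "{close}" at offset {i}')
        i += 1

def is_strict_json(text):
    """True only if the whole input is exactly one RFC 8259 value."""
    try:
        return _skip(text, _value(text, 0)) == len(text)
    except (ValueError, RecursionError):
        return False
```

With constructed inputs, `is_strict_json('2/7')` and `is_strict_json('hello')` are both False: the number token ends at the operator, leaving unparsed input, and a bare word matches no token at all.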