Affects Version/s: None
Fix Version/s: 184.108.40.206
Lucee's JSON parsing is allowing strings that are not valid JSON.
Adobe CF correctly returns false and thrown an error on the last line. Lucee returns true and evaluates it as a CFML expression, "deserializing" it into 0.000297619048.
There's two issues with this:
- That string is not valid JSON in the first place. A valid JSON string should be encased in double quotes.
- Even Lucee tried to treat it as a number, arithmetic operators are not allow, just numbers.