Issue: Malformed JSON data - JSON Parser Attack - Malformed numeric value


Violations: Malformed JSON data
Sub Violation(s):
Attack Type: JSON Parser Attack


<specific_desc>Malformed document</specific_desc>
<fault_detail>Malformed numeric value</fault_detail>


JSON Example:

    "data": {
      "id": "123",
      "type": "user",
      "attributes": {
        "phone-number": 0111222333444,
        "country": "us"
      }
    }




  • WAF Policy



   The representation of numbers is similar to that used in most
   programming languages.  A number is represented in base 10 using
   decimal digits.  It contains an integer component that may be
   prefixed with an optional minus sign, which may be followed by a
   fraction part and/or an exponent part.  Leading zeros are not

   The representation of strings is similar to conventions used in the C
   family of programming languages.  A string begins and ends with
   quotation marks.



  • Don't use a leading zero
    • e.g. "phone-number": 111222333444,
  • or store the value as a string, in quotation marks
    • e.g. "phone-number": "0111222333444",
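
The check below is an added example, not part of the original article or of the WAF product: a Python pre-flight scan that locates numeric tokens a strict JSON parser will reject, such as the leading zero above, before the request reaches the policy. The function names and sample payloads are constructed for illustration, and the number grammar is the one defined in RFC 8259.

```python
import json
import re

# RFC 8259 number grammar: [-] int [frac] [exp], where int is 0 or [1-9][0-9]*
RFC_NUMBER = re.compile(r"-?(?:0|[1-9][0-9]*)(?:\.[0-9]+)?(?:[eE][+-]?[0-9]+)?")
NUMBER_LIKE = re.compile(r"[-+0-9.eE]+")      # any run that could be a numeric token
STRING = re.compile(r'"(?:[^"\\]|\\.)*"')     # whole JSON string, escapes included

def find_malformed_numbers(text):
    """Return (offset, token) for every numeric token that breaks the grammar."""
    findings, pos = [], 0
    while pos < len(text):
        ch = text[pos]
        if ch == '"':                          # skip string contents such as "0111"
            m = STRING.match(text, pos)
            pos = m.end() if m else len(text)  # unterminated string: stop scanning
        elif ch in "-+.0123456789":
            token = NUMBER_LIKE.match(text, pos).group()
            if not RFC_NUMBER.fullmatch(token):
                findings.append((pos, token))
            pos += len(token)
        else:
            pos += 1
    return findings

def parses_strictly(text):
    """True if Python's json module, which rejects leading zeros, accepts the text."""
    try:
        json.loads(text)
        return True
    except json.JSONDecodeError:
        return False

# Constructed payloads: the article's example, then its two remediations.
MALFORMED = ('{"data": {"id": "123", "type": "user", "attributes": '
             '{"phone-number": 0111222333444, "country": "us"}}}')
FIX_NUMBER = MALFORMED.replace("0111222333444", "111222333444")
FIX_STRING = MALFORMED.replace("0111222333444", '"0111222333444"')

if __name__ == "__main__":
    for name, body in [("malformed", MALFORMED), ("number fix", FIX_NUMBER),
                       ("string fix", FIX_STRING)]:
        print(name, find_malformed_numbers(body), parses_strictly(body))
```

Storing the phone number as a string is the remediation that preserves the leading zero; the numeric fix changes the value.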


