Parser mismatch vulnerabilities, also known as parser confusion or parser mismatch, have recently gained recognition in the cybersecurity community. These vulnerabilities occur when two code locations attempt to parse the same input but disagree on its meaning. This can lead to different behavior for malformed inputs, potentially creating a security risk. The author provides several examples, such as URL parsing discrepancies in different browsers and a vulnerability in Imzy’s image proxy. Parser mismatch vulnerabilities can be exploited by attackers to bypass security measures or manipulate data. Recognizing and addressing these vulnerabilities is a challenging task that requires understanding the parsers’ implementation and the specific input formats they handle.
https://www.brainonfire.net/blog/2022/04/11/what-is-parser-mismatch/