Lucene search

K
cvelistMitreCVELIST:CVE-2024-27454
HistoryFeb 26, 2024 - 12:00 a.m.

CVE-2024-27454

2024-02-2600:00:00
mitre
www.cve.org
2
orjson.loads
recursion limit
cve-2024-27454

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0

Percentile

15.5%

orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents.

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0

Percentile

15.5%