37 matches found
CVE-2025-67221
The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents...
CVE-2025-67221
The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents...
CVE-2025-67221
The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents...
CVE-2025-67221
CVE-2025-67221 concerns the orjson library: the orjson.dumps function in orjson up to version 3.11.4 fails to limit recursion for deeply nested JSON documents. The vulnerability is described across multiple sources (Red Hat, NVD, OSV, etc.), consistently stating that deeply nested JSON can trigge...
EUVD-2024-54825
Malicious code in bioql PyPI...
express-xss-sanitizer has an unbounded recursion depth
Security Advisory: express-xss-sanitizer Overview A vulnerability was discovered in express-xss-sanitizer that allowed unbounded recursion depth during sanitization of nested objects. Affected Versions - All versions prior to 2.0.1 Patched Versions - 2.0.1 and later Description The sanitize...
CVE-2024-58264
The serde-json-wasm crate before 1.0.1 for Rust allows stack consumption via deeply nested JSON data...
serde-json-wasm crate 安全漏洞
serde-json-wasm crate is a Rust library open-sourced by CosmWasm. A security vulnerability exists in serde-json-wasm crate versions prior to 1.0.1, which stems from deeply nested JSON data that may lead to stack consumption...
CVE-2024-58264
The serde-json-wasm crate before 1.0.1 for Rust allows stack consumption via deeply nested JSON data...
Uncontrolled Recursion
Overview llama-index is an Interface between LLMs and your data Affected versions of this package are vulnerable to Uncontrolled Recursion via the JSONReader process. An attacker can cause the application to crash by submitting deeply nested JSON structures, resulting in a stack overflow and...
Denial of Service(DOS) in JSONReader
Description There exists a denial of service vulnerabilityDOS that occurs by python hitting max recursion depth while parsing a deeply nested json file using JSONReader. Vulnerable piece of code...
GHSA-2RWM-XV5J-777P Eclipse Parsson stack overflow when parsing deeply nested input
In Eclipse Parsson before 1.0.4 and 1.1.3, a document with a large depth of nested objects can allow an attacker to cause a Java stack overflow exception and denial of service. Eclipse Parsson allows processing e.g. parse, generate, transform and query JSON documents...
GHSA-PWR2-4V36-6QPR orjson does not limit recursion for deeply nested JSON documents
orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents...
PYSEC-2024-40
orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents...
DEBIAN-CVE-2024-27454
orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents...
GHSA-493P-PFQ6-5258 json-smart Uncontrolled Recursion vulnerability
Impact Affected versions of net.minidev:json-smart are vulnerable to Denial of Service DoS due to a StackOverflowError when parsing a deeply nested JSON array or object. When reaching a ‘‘ or ‘‘ character in the JSON input, the code parses an array or an object respectively. It was discovered tha...
DEBIAN-CVE-2021-42717
ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large e.g., 300KB HTTP request can occupy one of the limited NGINX worke...