Lucene search
K

37 matches found

AlpineLinux
AlpineLinux
added 2026/01/22 12:0 a.m.3 views

CVE-2025-67221

The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents...

7.5CVSS5.4AI score0.0055EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/01/22 12:0 a.m.5 views

CVE-2025-67221

The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents...

7.5CVSS5.3AI score0.0055EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/01/22 12:0 a.m.3 views

CVE-2025-67221

The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents...

5.4AI score0.0055EPSS
Exploits1References2
CVE
CVE
added 2026/01/22 12:0 a.m.22 views

CVE-2025-67221

CVE-2025-67221 concerns the orjson library: the orjson.dumps function in orjson up to version 3.11.4 fails to limit recursion for deeply nested JSON documents. The vulnerability is described across multiple sources (Red Hat, NVD, OSV, etc.), consistently stating that deeply nested JSON can trigge...

7.5CVSS5.4AI score0.0055EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-54825

Malicious code in bioql PyPI...

7.5CVSS6.3AI score0.00362EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/09/26 2:38 p.m.8 views

express-xss-sanitizer has an unbounded recursion depth

Security Advisory: express-xss-sanitizer Overview A vulnerability was discovered in express-xss-sanitizer that allowed unbounded recursion depth during sanitization of nested objects. Affected Versions - All versions prior to 2.0.1 Patched Versions - 2.0.1 and later Description The sanitize...

5.3CVSS7.2AI score0.00419EPSS
Exploits0References10Affected Software1
OSV
OSV
added 2025/07/27 9:15 p.m.5 views

CVE-2024-58264

The serde-json-wasm crate before 1.0.1 for Rust allows stack consumption via deeply nested JSON data...

7.5CVSS5.8AI score0.00362EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/07/27 12:0 a.m.3 views

serde-json-wasm crate 安全漏洞

serde-json-wasm crate is a Rust library open-sourced by CosmWasm. A security vulnerability exists in serde-json-wasm crate versions prior to 1.0.1, which stems from deeply nested JSON data that may lead to stack consumption...

7.5CVSS6.4AI score0.00362EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/07/27 12:0 a.m.9 views

CVE-2024-58264

The serde-json-wasm crate before 1.0.1 for Rust allows stack consumption via deeply nested JSON data...

3.2CVSS0.00362EPSS
Exploits0References3
Snyk
Snyk
added 2025/07/07 10:44 a.m.5 views

Uncontrolled Recursion

Overview llama-index is an Interface between LLMs and your data Affected versions of this package are vulnerable to Uncontrolled Recursion via the JSONReader process. An attacker can cause the application to crash by submitting deeply nested JSON structures, resulting in a stack overflow and...

7.1CVSS7.2AI score0.00338EPSS
Exploits1References2
Huntr
Huntr
added 2025/05/27 3:2 p.m.7 views

Denial of Service(DOS) in JSONReader

Description There exists a denial of service vulnerabilityDOS that occurs by python hitting max recursion depth while parsing a deeply nested json file using JSONReader. Vulnerable piece of code...

8.6CVSS7.1AI score0.0026EPSS
Exploits0
OSV
OSV
added 2024/07/17 3:30 p.m.4 views

GHSA-2RWM-XV5J-777P Eclipse Parsson stack overflow when parsing deeply nested input

In Eclipse Parsson before 1.0.4 and 1.1.3, a document with a large depth of nested objects can allow an attacker to cause a Java stack overflow exception and denial of service. Eclipse Parsson allows processing e.g. parse, generate, transform and query JSON documents...

9.2CVSS7.1AI score0.00588EPSS
Exploits1References6
OSV
OSV
added 2024/02/26 6:30 p.m.3 views

GHSA-PWR2-4V36-6QPR orjson does not limit recursion for deeply nested JSON documents

orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents...

7.5CVSS7.1AI score0.01187EPSS
Exploits1References7
PyPA
PyPA
added 2024/02/26 4:28 p.m.7 views

PYSEC-2024-40

orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents...

7.5CVSS7AI score0.01187EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2024/02/26 4:28 p.m.3 views

DEBIAN-CVE-2024-27454

orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents...

7.5CVSS7.3AI score0.01187EPSS
Exploits1References1
OSV
OSV
added 2023/03/23 8:32 p.m.3 views

GHSA-493P-PFQ6-5258 json-smart Uncontrolled Recursion vulnerability

Impact Affected versions of net.minidev:json-smart are vulnerable to Denial of Service DoS due to a StackOverflowError when parsing a deeply nested JSON array or object. When reaching a ‘‘ or ‘‘ character in the JSON input, the code parses an array or an object respectively. It was discovered tha...

7.5CVSS5.9AI score0.01119EPSS
Exploits1References10
OSV
OSV
added 2021/12/07 10:15 p.m.4 views

DEBIAN-CVE-2021-42717

ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large e.g., 300KB HTTP request can occupy one of the limited NGINX worke...

7.5CVSS7.8AI score0.03206EPSS
Exploits2References1
Rows per page
Query Builder