2 matches found
CVE-2026-33947 jq: Unbounded Recursion in jv_setpath(), jv_getpath() and delpaths_sorted()
jq is a command-line JSON processor. In versions 1.8.1 and below, functions jvsetpath, jvgetpath, and delpathssorted in jq's src/jvaux.c use unbounded recursion whose depth is controlled by the length of a caller-supplied path array, with no depth limit enforced. An attacker can supply a JSON...
Hono 安全漏洞
Hono is a web framework written in TypeScript from the Hono community. A security vulnerability exists in Hono 4.9.5 and earlier versions, which stems from an error in the path resolution of the getPath function and could lead to bypassing proxy ACLs...