2 matches found
PT-2026-51396
Name of the Vulnerable Software and Affected Versions MessagePack for C versions prior to 2.5.301 MessagePack for C versions prior to 3.1.7 Description JSON conversion helpers contain multiple recursion paths that do not consistently enforce a depth limit. Specifically, the...
Design/Logic Flaw
The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of time. An attacker could leverage this to cause a temporary denial-of-service condition, for example...