2 matches found
CVE-2024-27454
The CVE-2024-27454 issue affects the orjson project: orjson before 3.9.15 does not limit recursion for deeply nested JSON documents. Affected component is the orjson loader/parse path (orjson.loads) with potential recursion explosion. The vulnerability is reflected in CVSS 3.1 as HIGH impact to a...
CVE-2025-67221
CVE-2025-67221 concerns the orjson library: the orjson.dumps function in orjson up to version 3.11.4 fails to limit recursion for deeply nested JSON documents. The vulnerability is described across multiple sources (Red Hat, NVD, OSV, etc.), consistently stating that deeply nested JSON can trigge...