Description
orjson does not limit recursion for deeply nested JSON documents
orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents.
References
- https://nvd.nist.gov/vuln/detail/CVE-2024-27454
- https://github.com/ijl/orjson/issues/458
- https://github.com/ijl/orjson/commit/b0e4d2c06ce06c6e63981bf0276e4b7c74e5845e
- https://github.com/ijl/orjson/blob/master/CHANGELOG.md#3915
- https://github.com/pypa/advisory-database/tree/main/vulns/orjson/PYSEC-2024-40.yaml
- https://monicz.dev/CVE-2024-27454
Packages
Name: orjson (pip)
Affected versions: < 3.9.15
Fixed version: 3.9.15
Related vulnerabilities
CVSS3: 7.5
ubuntu
almost 2 years ago
orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents.
CVSS3: 7.5
nvd
almost 2 years ago
orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents.
CVSS3: 7.5
debian
almost 2 years ago
orjson.loads in orjson before 3.9.15 does not limit recursion for deep ...