Description
The orjson.dumps function in orjson through 3.11.4 does not limit recursion for deeply nested JSON documents.
A flaw was found in orjson. The orjson.dumps function does not properly limit recursion when processing deeply nested JSON documents. A remote attacker could exploit this vulnerability by providing a specially crafted JSON document, leading to a Denial of Service (DoS) condition.
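A caller-side guard for the condition described above, as an added example (not code from orjson or from this advisory): it measures container nesting with an explicit stack and refuses to hand over-deep objects to the serializer. `MAX_DEPTH`, `check_depth`, `guarded_dumps` and `build_nested` are hypothetical names, and the limit of 64 is an assumed policy value; pass `orjson.dumps` as the `dumps` argument.

```python
from collections.abc import Mapping

MAX_DEPTH = 64  # assumed policy limit, not a value from the advisory


class NestingTooDeep(ValueError):
    """Raised when an object nests containers beyond the allowed depth."""


def check_depth(obj, limit=MAX_DEPTH):
    """Return the container nesting depth of obj, or raise NestingTooDeep.

    Uses an explicit stack, so the check itself cannot exhaust the
    interpreter or native stack no matter how deep the input is.
    """
    deepest = 0
    stack = [(obj, 1)]
    while stack:
        node, depth = stack.pop()
        if isinstance(node, Mapping):
            children = node.values()
        elif isinstance(node, (list, tuple)):
            children = node
        else:
            continue  # scalar: contributes no nesting
        if depth > limit:
            raise NestingTooDeep(f"nesting exceeds {limit} levels")
        deepest = max(deepest, depth)
        stack.extend((child, depth + 1) for child in children)
    return deepest


def guarded_dumps(obj, dumps, limit=MAX_DEPTH):
    """Serialize obj with the supplied dumps callable only if it is shallow enough."""
    check_depth(obj, limit)
    return dumps(obj)


def build_nested(levels):
    """Constructed sample input: a list nested `levels` deep, built iteratively."""
    root = current = []
    for _ in range(levels - 1):
        nxt = []
        current.append(nxt)
        current = nxt
    return root
```

Because the depth counter grows on every descent, a self-referencing container is also rejected once it passes the limit instead of looping forever.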
Report
For this flaw to be remotely exploitable, the system must accept data from untrusted users. For that reason, our analysis indicates the attack vector for this flaw is "Local".
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| OpenShift Lightspeed | openshift-lightspeed/lightspeed-service-api-rhel9 | Fix deferred | | |
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/de-minimal-rhel8 | Fix deferred | | |
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/de-minimal-rhel9 | Fix deferred | | |
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/de-supported-rhel8 | Fix deferred | | |
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/de-supported-rhel9 | Fix deferred | | |
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/ee-dellemc-openmanage-rhel8 | Fix deferred | | |
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/ee-minimal-rhel8 | Fix deferred | | |
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/ee-minimal-rhel9 | Fix deferred | | |
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/ee-supported-rhel8 | Fix deferred | | |
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/ee-supported-rhel9 | Fix deferred | | |
Additional information
EPSS
CVSS3: 5.5 Medium
Related vulnerabilities
The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents.
orjson does not limit recursion for deeply nested JSON documents