Количество 6
Количество 6
CVE-2026-32141
flatted is a circular JSON parser. Prior to 3.4.0, flatted's parse() function uses a recursive revive() phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded, causing a stack overflow that crashes the Node.js process. This vulnerability is fixed in 3.4.0.
CVE-2026-32141
A denial of service flaw has been discovered in the flatted npm library. flatted's parse() function uses a recursive revive() phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded, causing a stack overflow that crashes the Node.js process.
CVE-2026-32141
flatted is a circular JSON parser. Prior to 3.4.0, flatted's parse() function uses a recursive revive() phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded, causing a stack overflow that crashes the Node.js process. This vulnerability is fixed in 3.4.0.
CVE-2026-32141
flatted: Unbounded recursion DoS in parse() revive phase
CVE-2026-32141
flatted is a circular JSON parser. Prior to 3.4.0, flatted's parse() f ...
GHSA-25h7-pfq9-p65f
flatted vulnerable to unbounded recursion DoS in parse() revive phase
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2026-32141 flatted is a circular JSON parser. Prior to 3.4.0, flatted's parse() function uses a recursive revive() phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded, causing a stack overflow that crashes the Node.js process. This vulnerability is fixed in 3.4.0. | CVSS3: 7.5 | 0% Низкий | 14 дней назад |
 | CVE-2026-32141 A denial of service flaw has been discovered in the flatted npm library. flatted's parse() function uses a recursive revive() phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded, causing a stack overflow that crashes the Node.js process. | CVSS3: 7.5 | 0% Низкий | 14 дней назад |
 | CVE-2026-32141 flatted is a circular JSON parser. Prior to 3.4.0, flatted's parse() function uses a recursive revive() phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded, causing a stack overflow that crashes the Node.js process. This vulnerability is fixed in 3.4.0. | CVSS3: 7.5 | 0% Низкий | 14 дней назад |
 | CVE-2026-32141 flatted: Unbounded recursion DoS in parse() revive phase | 0% Низкий | 2 дня назад | |
| CVE-2026-32141 flatted is a circular JSON parser. Prior to 3.4.0, flatted's parse() f ... | CVSS3: 7.5 | 0% Низкий | 14 дней назад |
| GHSA-25h7-pfq9-p65f flatted vulnerable to unbounded recursion DoS in parse() revive phase | CVSS3: 7.5 | 0% Низкий | 13 дней назад |
Уязвимостей на страницу