Headline

GHSA-rr69-rxr6-8qwf: serde-json-wasm stack overflow during recursive JSON parsing

When parsing untrusted, deeply nested JSON, the stack may overflow, possibly enabling a Denial of Service attack. This was fixed by adding a check for recursion depth.

7 months ago

ghsa

Open in Source

#vulnerability #dos #js #git

- Actions
  
  Automate any workflow
- Packages
  
  Host and manage packages
- Security
  
  Find and fix vulnerabilities
- Codespaces
  
  Instant dev environments
- Copilot
  
  Write better code with AI
- Code review
  
  Manage code changes
- Issues
  
  Plan and track work
- Discussions
  
  Collaborate outside of code

- GitHub Sponsors
  
  Fund open source developers

*   The ReadME Project
    
    GitHub community articles

Pricing

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

GitHub Advisory Database
GitHub Reviewed
GHSA-rr69-rxr6-8qwf

serde-json-wasm stack overflow during recursive JSON parsing

High severity GitHub Reviewed Published Feb 9, 2024 to the GitHub Advisory Database • Updated Feb 9, 2024

Package

cargo serde-json-wasm (Rust)

Affected versions

= 1.0.0

< 0.5.2

Patched versions

1.0.1

0.5.2

Description

Published to the GitHub Advisory Database

Feb 9, 2024

ghsa: Latest News

GHSA-fm76-w8jw-xf8m: @saltcorn/plugins-loader unsanitized plugin name leads to a remote code execution (RCE) vulnerability when creating plugins using git source

15 hours ago

ghsa

GHSA-78p3-fwcq-62c2: @saltcorn/server Remote Code Execution (RCE) / SQL injection via prototype pollution by manipulating `lang` and `defstring` parameters when setting localizer strings

17 hours ago

ghsa

GHSA-cfqx-f43m-vfh7: @saltcorn/server arbitrary file and directory listing when accessing build mobile app results

17 hours ago

ghsa

GHSA-277h-px4m-62q8: @saltcorn/server arbitrary file zip read and download when downloading auto backups

17 hours ago

ghsa

GHSA-5gc2-7c65-8fq8: async-graphql Directive Overload

18 hours ago

ghsa