Add serde-json-wasm stack-overflow (#1867)

Christoph Otter
2024-02-09 03:02:21 +01:00
committed by GitHub
parent 2bb64f5005
commit f395a84350

@@ -0,0 +1,17 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "serde-json-wasm"
date = "2024-01-24"
categories = ["denial-of-service"]
keywords = ["stack-overflow", "json"]
[versions]
patched = [">= 1.0.1", ">= 0.5.2, < 1.0.0"]
```
# Stack overflow during recursive JSON parsing
When parsing untrusted, deeply nested JSON, the stack may overflow,
possibly enabling a Denial of Service attack.
This was fixed by adding a check for recursion depth.
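Review bot: The `[advisory]` table has no `url` (or `references`) entry, so the closing sentence "This was fixed by adding a check for recursion depth." cannot be traced to an upstream issue, pull request or release. Please add a `url = "..."` line pointing at the upstream fix. It would also help if the description said how the patched versions (`>= 1.0.1` and `>= 0.5.2, < 1.0.0`) behave once the depth check trips, so that callers parsing untrusted JSON know what error to handle.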