From f395a84350160d1b819151856d8b96df42e00775 Mon Sep 17 00:00:00 2001
From: Christoph Otter
Date: Fri, 9 Feb 2024 03:02:21 +0100
Subject: [PATCH] Add serde-json-wasm stack-overflow (#1867)
---
crates/serde-json-wasm/RUSTSEC-0000-0000.md | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
create mode 100644 crates/serde-json-wasm/RUSTSEC-0000-0000.md
diff --git a/crates/serde-json-wasm/RUSTSEC-0000-0000.md b/crates/serde-json-wasm/RUSTSEC-0000-0000.md
new file mode 100644
index 0000000..a03b792
--- /dev/null
+++ b/crates/serde-json-wasm/RUSTSEC-0000-0000.md
@@ -0,0 +1,17 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "serde-json-wasm"
+date = "2024-01-24"
+categories = ["denial-of-service"]
+keywords = ["stack-overflow", "json"]
+
+[versions]
+patched = [">= 1.0.1", ">= 0.5.2, < 1.0.0"]
+```
+
+# Stack overflow during recursive JSON parsing
+
+When parsing untrusted, deeply nested JSON, the stack may overflow,
+possibly enabling a Denial of Service attack.
+This was fixed by adding a check for recursion depth.
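Review bot: The `[advisory]` table has no `url` and no `aliases`, so someone triaging an audit hit cannot follow the advisory to the upstream fix or to a matching GHSA/CVE record. Consider adding `url = "<UPSTREAM_FIX_OR_ADVISORY_URL>"` after `date`, and `aliases = ["<GHSA_OR_CVE_ID_IF_ASSIGNED>"]` if an identifier exists. The description would also be easier to act on if it said what a caller sees after upgrading, presumably a parse error once the nesting limit is reached (this is inferred from "adding a check for recursion depth", so confirm against the fix). It could also state that the overflow cannot be handled through the parser's `Result`, so any service deserializing JSON from untrusted peers is exposed until it moves to a patched version.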