GHSA-j87p-gjr6-m4pv: Duplicate Advisory: serde-json-wasm stack overflow during recursive JSON parsing

July 27, 2025 (updated July 28, 2025)

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-rr69-rxr6-8qwf. This link is maintained to preserve external references.

Original Description

The serde-json-wasm crate before 1.0.1 for Rust allows stack consumption via deeply nested JSON data.

References

crates.io/crates/serde-json-wasm
github.com/CosmWasm/serde-json-wasm
github.com/advisories/GHSA-j87p-gjr6-m4pv
github.com/advisories/GHSA-rr69-rxr6-8qwf
nvd.nist.gov/vuln/detail/CVE-2024-58264
rustsec.org/advisories/RUSTSEC-2024-0012.html

Code Behaviors & Features

Detect and mitigate GHSA-j87p-gjr6-m4pv with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →