GHSA-rr69-rxr6-8qwf: serde-json-wasm stack overflow during recursive JSON parsing

February 9, 2024

When parsing untrusted, deeply nested JSON, the stack may overflow, possibly enabling a Denial of Service attack. This was fixed by adding a check for recursion depth.

References

github.com/CosmWasm/serde-json-wasm
github.com/CosmWasm/serde-json-wasm/commit/a9a9b9bf243862bd2afbf6853fca97f30dc4f620
github.com/CosmWasm/serde-json-wasm/commit/e78f9e28b3a2151d3175ee88ab2a001bf9515429
github.com/advisories/GHSA-rr69-rxr6-8qwf
rustsec.org/advisories/RUSTSEC-2024-0012.html

Detect and mitigate GHSA-rr69-rxr6-8qwf with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →