Vulnerability Information
Vulnerability Title
flatted: Unbounded recursion DoS in parse() revive phase
Vulnerability Description
flatted is a circular JSON parser. Prior to 3.4.0, flatted's parse() function uses a recursive revive() phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded, causing a stack overflow that crashes the Node.js process. This vulnerability is fixed in 3.4.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
Uncontrolled Recursion
Vulnerability Title
flatted Security Vulnerability
Vulnerability Description
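flatted is a lightweight, fast circular JSON parser developed by individual developer Andrea Giammarchi. Versions of flatted prior to 3.4.0 contain a security vulnerability that stems from the parse function placing no limit on recursion depth when handling a specially crafted payload, which can cause a stack overflow and crash the Node.js process.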
CVSS Information
N/A
Vulnerability Type
N/A