CVE-2024-27454

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-27454

Severity

7.5

High

CVSS V3

Eliminate CVEs with Chainguard hardened images

Build, ship, and run secure software with minimal, hardened container images — rebuilt from source daily and guarded under our industry-leading remediation SLA.

Start for free

Description

orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-27454
https://github.com/advisories/GHSA-pwr2-4v36-6qpr
https://monicz.dev/CVE-2024-27454
https://github.com/ijl/orjson/blob/master/CHANGELOG.md#3915
https://github.com/ijl/orjson/issues/458
https://github.com/ijl/orjson/commit/b0e4d2c06ce06c6e63981bf0276e4b7c74e5845e

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

The trusted source for open source

Talk to an expert

Privacy

Terms

CVE-2024-27454

Severity

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company