THREATOPS
THREAT OPSThreat News › [GHSA] GHSA-xf7x-x43h-rpqh (high) — json_repair: Circular JSON Schema `$ref` causes unbounded CPU DoS

[GHSA] GHSA-xf7x-x43h-rpqh (high) — json_repair: Circular JSON Schema `$ref` causes unbounded CPU DoS

highgithub_advisoriesPublished 2026-07-13

GHSA-xf7x-x43h-rpqh Severity: high CVE: None

json_repair: Circular JSON Schema `$ref` causes unbounded CPU DoS

## Circular JSON Schema `$ref` causes unbounded CPU DoS in `json_repair`

### Summary

`SchemaRepairer.resolve_schema()` in `json_repair` follows JSON Schema `$ref` pointers in an unbounded `while` loop without any cycle detection. An attacker who can supply a schema containing a self-r

Indicators of compromise

Original source: https://github.com/advisories/GHSA-xf7x-x43h-rpqh