THREAT OPS › Threat News › [GHSA] GHSA-xf7x-x43h-rpqh (high) — json_repair: Circular JSON Schema `$ref` causes unbounded CPU DoS
[GHSA] GHSA-xf7x-x43h-rpqh (high) — json_repair: Circular JSON Schema `$ref` causes unbounded CPU DoS
GHSA-xf7x-x43h-rpqh Severity: high CVE: None
json_repair: Circular JSON Schema `$ref` causes unbounded CPU DoS
## Circular JSON Schema `$ref` causes unbounded CPU DoS in `json_repair`
### Summary
`SchemaRepairer.resolve_schema()` in `json_repair` follows JSON Schema `$ref` pointers in an unbounded `while` loop without any cycle detection. An attacker who can supply a schema containing a self-r
Indicators of compromise
- 0015c74c01bdafe4bb7435780657501741c2a5f7sha1
- http://127.0.0.1:5005/api/repair-jsonurl
Original source: https://github.com/advisories/GHSA-xf7x-x43h-rpqh