Bug 1220489 (CVE-2024-27454) - VUL-0: CVE-2024-27454: python-orjson: orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents.
Summary: VUL-0: CVE-2024-27454: python-orjson: orjson.loads in orjson before 3.9.15 do...
Status: RESOLVED FIXED
Alias: CVE-2024-27454
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/395195/
Whiteboard: CVSSv3.1:SUSE:CVE-2024-27454:7.5:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2024-02-27 17:01 UTC by SMASH SMASH
Modified: 2024-05-10 13:20 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Comment 2 OBSbugzilla Bot 2024-02-29 07:35:01 UTC 
This is an autogenerated message for OBS integration:
This bug (1220489) was mentioned in
https://build.opensuse.org/request/show/1153104 Factory / python-orjson
Comment 4 OBSbugzilla Bot 2024-03-16 11:35:03 UTC 
This is an autogenerated message for OBS integration:
This bug (1220489) was mentioned in
https://build.opensuse.org/request/show/1158410 Factory / python-python-rapidjson