CVE Vulnerabilities

CVE-2024-27454

Uncontrolled Recursion

Published: Feb 26, 2024 | Modified: Sep 18, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents.

Weakness

The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

Affected Software

Name Vendor Start Version End Version
Orjson Ijl * 3.9.15 (excluding)
Python-orjson Ubuntu upstream *

Potential Mitigations

References