CVE-2024-27454

orjson does not limit recursion for deeply nested JSON documents

Description

orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents.

Patch Available

Fix available through Seal Security.  
No upgrade required, protect your application instantly.

Fix without upgrading

Score

7.5

Severity

High

Ecosystem

Python

Publish Date

February 26, 2024

Modified Date

June 10, 2026

Score Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Versions