Product Research Enterprise Plans Docs

PyPi: Python-Rapidjson

CVE-2024-27454

Transitive

Safety vulnerability ID: 65707

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Feb 26, 2024 Updated at Aug 06, 2024

Scan your Python projects for vulnerabilities →

Advisory

Python-rapidjson 1.15 now enforces the recursion limit during parsing to mitigate potential vulnerabilities, specifically addressing the concerns outlined in CVE-2024-27454.

Affected package

python-rapidjson

Latest version: 1.20

Python wrapper around rapidjson

Affected versions

Fixed versions

Vulnerability changelog

~~~~~~~~~~~~~~~~~

* Honor the `recursion limit`__ also at parse time, to avoid attacks as described by
`CVE-2024-27454`__

__ https://docs.python.org/3.12/library/sys.html#sys.setrecursionlimit
__ https://monicz.dev/CVE-2024-27454

Resources

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27454

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application