logo

Database

Asymmetric denial of service In orjson

Description

orjson does not limit recursion for deeply nested JSON documents The orjson.dumps function in orjson before 3.11.6 does not limit recursion for deeply nested JSON documents.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2025-672212. NVD-2025-672213. OSV-2025-672214. GCVE-2025-67221

References

1. https://github.com/ijl/orjson/issues/6202. https://github.com/kpatsakis/CVE-2025-67221/issues/13. https://github.com/ijl/orjson/commit/62bb185b70785ded49c79c26f8c9781f1e6fe3704. https://github.com/kpatsakis/orjson_vulnerability5. https://github.com/kpatsakis/CVE-2025-67221

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.

FLAT-TGQZ3 – Vulnerability | Fluid Attacks Database