CNNVD-202601-3752 Information

CNNVD ID

CNNVD-202601-3752

CVE-2025-67221

  • CNNVD Published: 2026-01-22

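Description (translated from Chinese)

orjson is a fast, correct Python JSON library by the individual developer ijl. orjson 3.11.4 and earlier versions contain a security vulnerability that stems from the orjson.dumps function not limiting recursion for deeply nested JSON documents.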

Description (English)

orjson is a fast, correct Python JSON library developed by the individual developer ijl. Versions 3.11.4 and earlier of orjson have a security vulnerability, which stems from the fact that the orjson.dumps function does not limit recursion on deeply nested JSON documents.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

Individual developer

Published

2026-01-22

Last Modified

2026-02-24

References

  • https://github.com/ijl/orjson
  • https://github.com/kpatsakis/orjson_vulnerability

Patch

https://github.com/ijl/orjson/releases
