Intel

AIKIDO-2025-10243

smol-toml is vulnerable to Uncontrolled Recursion

Uncontrolled Recursion (GHSA-pqhp-25j4-6hq9), published Apr 17, 2025

25

Low Risk

This Affects:

smol-toml (JavaScript): 1.0.0 - 1.3.2
Fixed in 1.3.3

TL;DR

Affected versions of smol-toml are vulnerable to denial of service through unbounded recursion: both the parser and the serializer recurse once per nesting level of inline tables and arrays, and neither imposes a maximum depth. A TOML document with thousands of nested inline structures (or, on the stringify side, a deeply nested object built from attacker-controlled data) drives that recursion until the JavaScript call stack is exhausted; the resulting RangeError ("Maximum call stack size exceeded" in Node.js), if uncaught, crashes the process. The patched version adds a configurable maximum nesting depth (default 1000), so over-deep input is rejected with an ordinary error instead of exhausting the stack. That rejection is still an exception, and ordinary syntax errors still throw, so callers handling untrusted input should wrap parse and stringify calls in try/catch regardless of version.
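The following is an added example, not smol-toml's own code: a minimal recursive-descent parser and serializer for nested TOML inline arrays of integers that shows the failure mode described above (recursion bounded only by the input) next to the fix (a configurable depth cap that fails with a catchable error), plus the try/catch wrapping the advisory recommends. The option name `maxDepth`, its default of 1000, the `DepthLimitError` class and the `safeParse`/`safeStringify` helpers are choices made for this example and are assumptions about, not a description of, the library's API.

```javascript
// Added example, not smol-toml's own code. A recursive-descent parser and a
// serializer for nested TOML inline arrays of integers, with the depth cap
// the advisory describes. The option name `maxDepth` and default 1000 are
// assumptions for this example, not the library's documented API.

// Constructed attacker input for parse: `depth` levels of "[" around one integer.
function nestedArrayToml(depth) {
  return "[".repeat(depth) + "1" + "]".repeat(depth);
}

// Constructed attacker input for stringify: `depth` nested arrays around one integer.
function nestedArrayValue(depth) {
  let v = 1;
  for (let i = 0; i < depth; i++) v = [v];
  return v;
}

// Distinct error type so callers can tell a depth rejection from a syntax error.
class DepthLimitError extends Error {}

// Passing { maxDepth: Infinity } reproduces the unpatched behaviour: the only
// limit is the JS call stack, so deep enough input ends in a RangeError.
function parseInlineArray(src, { maxDepth = 1000 } = {}) {
  let pos = 0;
  function value(depth) { // depth = number of enclosing arrays + 1
    if (src[pos] === "[") {
      if (depth > maxDepth) {
        throw new DepthLimitError(`array nesting exceeds maxDepth=${maxDepth}`);
      }
      pos++;
      const items = [];
      while (pos < src.length && src[pos] !== "]") {
        items.push(value(depth + 1)); // the recursive step
        if (src[pos] === ",") pos++;
      }
      if (src[pos] !== "]") throw new SyntaxError(`unterminated array at ${pos}`);
      pos++;
      return items;
    }
    const start = pos;
    while (pos < src.length && src[pos] >= "0" && src[pos] <= "9") pos++;
    if (start === pos) throw new SyntaxError(`expected a value at ${pos}`);
    return Number(src.slice(start, pos));
  }
  const result = value(1);
  if (pos !== src.length) throw new SyntaxError(`trailing input at ${pos}`);
  return result;
}

// The serializer recurses once per nesting level too, so it gets the same cap.
function stringifyInlineArray(v, { maxDepth = 1000 } = {}, depth = 1) {
  if (!Array.isArray(v)) return String(v);
  if (depth > maxDepth) {
    throw new DepthLimitError(`array nesting exceeds maxDepth=${maxDepth}`);
  }
  return "[" + v.map((x) => stringifyInlineArray(x, { maxDepth }, depth + 1)).join(",") + "]";
}

// Wrapping the calls, as the advisory recommends: untrusted input never throws
// through to the caller; the outcome is returned as a tagged result instead.
function safeParse(src, opts) {
  try {
    return { ok: true, value: parseInlineArray(src, opts) };
  } catch (err) {
    if (err instanceof DepthLimitError) return { ok: false, reason: "depth-limit" };
    if (err instanceof RangeError) return { ok: false, reason: "stack-overflow" };
    if (err instanceof SyntaxError) return { ok: false, reason: "syntax" };
    throw err;
  }
}

function safeStringify(v, opts) {
  try {
    return { ok: true, value: stringifyInlineArray(v, opts) };
  } catch (err) {
    if (err instanceof DepthLimitError) return { ok: false, reason: "depth-limit" };
    if (err instanceof RangeError) return { ok: false, reason: "stack-overflow" };
    throw err;
  }
}

// Unpatched behaviour (no cap) versus the capped version on the same input.
console.log(safeParse(nestedArrayToml(100000), { maxDepth: Infinity }).reason); // stack-overflow
console.log(safeParse(nestedArrayToml(100000)).reason);                         // depth-limit
```

The cap is checked on entering each array, so a document with exactly `maxDepth` nested arrays is accepted and one level deeper is rejected long before the call stack is at risk; the rejection surfaces as a normal exception that `safeParse` turns into a result the caller can log or refuse, which is the behaviour a service parsing user-supplied TOML wants.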

Who does this affect?

You are affected if you depend on smol-toml, directly or transitively, at a version in the range 1.0.0 - 1.3.2 and parse TOML from sources you do not control, or stringify objects whose nesting depth is attacker-influenced. Check the resolved version in your lockfile rather than the range in package.json; a caret range can keep resolving to an affected release until you update.

Background info

smol-toml is a TOML parser and serializer for JavaScript. In versions 1.0.0 - 1.3.2 its parse and stringify routines recurse once per nesting level of inline tables and arrays with no depth limit (CWE-674, Uncontrolled Recursion), so the nesting depth of the input directly controls how much call stack is consumed.

How to fix this

Upgrade smol-toml to 1.3.3 or later, where nesting depth is capped at 1000 by default and the cap is configurable. When parsing or stringifying untrusted input, also wrap the calls in try/catch so a rejected document is handled as an error rather than an unhandled exception, and consider lowering the cap to the depth your own documents actually need.