toml is vulnerable to Uncontrolled Recursion
75
High Risk
The TOML parser previously used recursive-descent parsing where deeply nested arrays/inline tables could overflow the JavaScript call stack, crashing the process with an uncatchable RangeError (DoS). Version 4.2.0 fixes this by adding a configurable nesting-depth bound (default 500 via toml.parse(input, { maxDepth })) enforced in the parser grammar/logic; inputs exceeding the limit now fail with a normal parse error instead of a runtime stack overflow.
You are affected if you are using a version that falls within the vulnerable range.
toml is vulnerable to Uncontrolled Recursion in versions 0.0.1 - 4.1.2.
Upgrade the toml library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

I consent to receiving marketing communications based on Aikido’s Privacy Policy.
SOC 2Compliant
ISO 27001Compliant