jsonschema is vulnerable to Uncontrolled Recursion
59
Medium Risk
The unevaluatedProperties and unevaluatedItems keywords are compiled into a recursive validator structure that eagerly follows $ref and $dynamicRef references to collect evaluated locations. When a schema contains a self-referential $dynamicRef combined with unevaluatedProperties or unevaluatedItems, the dynamic reference is followed back into itself with no cycle guard and recurses until the call stack is exhausted. A crafted schema therefore aborts the whole process with a stack overflow while the validator is being built instead of returning a result. The fix caches pending validators and adds a marking stack with cycle detection that break the recursive $dynamicRef cycle.
You are affected if you are using a version that falls within the vulnerable range and your application compiles or validates JSON schemas that can be influenced by untrusted input.
jsonschema is vulnerable to Uncontrolled Recursion in versions 0.24.0 - 0.46.9.
Upgrade the jsonschema library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant