jsonschema-rs is vulnerable to Uncontrolled Recursion
59
Medium Risk
The unevaluatedProperties and unevaluatedItems keywords are compiled into a recursive validator structure that eagerly follows $ref and $dynamicRef references to collect evaluated locations. When a schema contains a self-referential $dynamicRef combined with unevaluatedProperties or unevaluatedItems, the dynamic reference is followed back into itself with no cycle guard and recurses until the call stack is exhausted. A crafted schema therefore aborts the whole process with a stack overflow while the validator is being built instead of returning a result. The fix caches pending validators and adds a marking stack with cycle detection that break the recursive $dynamicRef cycle.
You are affected if you are using a version that falls within the vulnerable range and your application compiles or validates JSON schemas that can be influenced by untrusted input.
jsonschema-rs is vulnerable to Uncontrolled Recursion in versions 0.24.0 - 0.46.9.
Upgrade the jsonschema-rs library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant