grab / grabpay-merchant-sdk


Fix Improper Handling of Exceptional Conditions in Newtonsoft #6

Open andrisecops opened 1 month ago

andrisecops commented 1 month ago

Affected versions of this project are vulnerable to Insecure Defaults due to improper handling of the StackOverflow exception (SOE) whenever nested expressions are being processed.

Deserializing methods (like JsonConvert.DeserializeObject) will process the input, which results in burning the CPU, allocating memory, and consuming a thread of execution. A quite high nesting level (>10kk, or 9.5MB of {a:{a:{... input) is needed to achieve a latency of over 10 seconds, depending on the hardware.

CWE-755 CVE-2024-21907
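Added example, not code from this repository or from the reporter: it builds the `{"a":{"a":...}}` input described above and deserializes it with Newtonsoft.Json twice, once with the depth limit removed (the weak setting, `MaxDepth = null`, which is what builds before 13.0.1 default to) and once with an explicit cap (`MaxDepth = 64`, the default that 13.0.1 introduced). The class and method names are mine; it assumes the `Newtonsoft.Json` NuGet package is referenced. The depth guard surfaces as a `JsonReaderException`, which a caller can catch, whereas a `StackOverflowException` cannot be caught in .NET and takes the whole process down.

```csharp
using System;
using System.Text;
using Newtonsoft.Json;

static class NestedJsonDepthDemo
{
    // Constructed input: {"a":{"a":{...}}} nested `depth` levels deep. Not an attacker sample.
    static string BuildNested(int depth)
    {
        var sb = new StringBuilder(depth * 6);
        for (int i = 0; i < depth; i++) sb.Append("{\"a\":");
        sb.Append('1');
        sb.Append('}', depth);
        return sb.ToString();
    }

    // Returns true when parsing completed, false when the MaxDepth guard rejected the input.
    // A null maxDepth disables the guard entirely.
    static bool TryParse(string json, int? maxDepth)
    {
        var settings = new JsonSerializerSettings { MaxDepth = maxDepth };
        try
        {
            JsonConvert.DeserializeObject<object>(json, settings);
            return true;
        }
        catch (JsonReaderException ex)
        {
            // Message reads like: "The reader's MaxDepth of 64 has been exceeded. Path ..."
            Console.WriteLine("rejected: " + ex.Message);
            return false;
        }
    }

    static void Main()
    {
        string payload = BuildNested(10_000);

        // Hardened setting: explicit cap on nesting. Any reasonable API payload is far shallower
        // than 64 levels, so this costs nothing for legitimate input.
        Console.WriteLine("capped at 64: parsed=" + TryParse(payload, 64));

        // Weak setting: no cap. On affected builds this recurses once per nesting level and,
        // with enough depth, ends in an uncatchable StackOverflowException instead of an error
        // you can handle. Left commented out so the demo itself does not crash; lower the depth
        // before enabling it.
        // Console.WriteLine("uncapped: parsed=" + TryParse(payload, null));
    }
}
```

If the SDK targets a Newtonsoft.Json version older than 13.0.1, set `MaxDepth` explicitly on every `JsonSerializerSettings` instance (and on any `JsonTextReader` you construct directly), since the library default on those versions is unlimited; upgrading to 13.0.1 or later makes 64 the default but an explicit value documents the intent and survives a downgrade.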