NIXPKGS-2026-2087
GitHub issue
published 2 hours ago
Mojo::JSON versions before 9.47 for Perl allow memory exhaustion via unbounded recursion in the pure-Perl decoder
Permalink
CVE-2026-14803
6.5 MEDIUM
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): Low (L)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): None (N)
- Integrity (I): None (N)
- Availability (A): High (H)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): Low (L)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): None (N)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): None (N)
- Modified Availability (MA): High (H)
by @LeSuisse Activity log
- Created suggestion
-
@LeSuisse
ignored
22 packages
- perlPackages.MojoliciousPluginI18N
- perlPackages.MojoliciousPluginMail
- perl5Packages.MojoliciousPluginI18N
- perl5Packages.MojoliciousPluginMail
- perlPackages.MojoliciousPluginStatus
- perlPackages.MojoliciousPluginSyslog
- perl5Packages.MojoliciousPluginStatus
- perl5Packages.MojoliciousPluginSyslog
- perlPackages.MojoliciousPluginOpenAPI
- perlPackages.MojoliciousPluginWebpack
- perl5Packages.MojoliciousPluginOpenAPI
- perl5Packages.MojoliciousPluginWebpack
- perlPackages.MojoliciousPluginGravatar
- perl5Packages.MojoliciousPluginGravatar
- perlPackages.MojoliciousPluginAssetPack
- perl5Packages.MojoliciousPluginAssetPack
- perlPackages.MojoliciousPluginRenderFile
- perl5Packages.MojoliciousPluginRenderFile
- perlPackages.MojoliciousPluginTextExceptions
- perl5Packages.MojoliciousPluginTextExceptions
- perlPackages.MojoliciousPluginTemplateToolkit
- perl5Packages.MojoliciousPluginTemplateToolkit
- @LeSuisse accepted
- @LeSuisse published on GitHub
Mojo::JSON versions before 9.47 for Perl allow memory exhaustion via unbounded recursion in the pure-Perl decoder
Mojolicious
- <9.47