Uncontrolled Recursion Affecting thingsboard package, versions <3.7-r4
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-CHAINGUARDLATEST-THINGSBOARD-7981687
- published 16 Sep 2024
- disclosed 22 Mar 2023
Introduced: 22 Mar 2023
CVE-2023-1370 Open this link in a new tabHow to fix?
Upgrade Chainguard thingsboard to version 3.7-r4 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream thingsboard package and not the thingsboard package as distributed by Chainguard.
See How to fix? for Chainguard relevant fixed versions and status.
Json-smart is a performance focused, JSON processor lib.
When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively.
It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software.