hjson-py stack exhaustion vulnerability

# Summary
A DOS vulnerability in hjson-py caused by crafted objects that deeply nested structures.

# Description
An issue was discovered in the latest hjson-py allows attackers to cause a denial of service or other unspecified impacts via crafted objects that deeply nested structures.
there is a similar [vulnerable](https://github.com/advisories/GHSA-5wfc-hjrc-gq87),but hjson-py has not similar fix logic.
The relevent code in [file1](https://github.com/hjson/hjson-py/blob/1687b811fcbbc54b5ac71cfbaa99f805e406fbcb/hjson/decoder.py)
eg.  parse_object ,parse_array,parse_string ,scan_object_once

# Patch
there is a similar fix [logic](https://github.com/hjson/hjson-java/pull/26/files)
Limit parse depth.

# Thanks
Thanks to YangChao Liu ([23210860056@m.fudan.edu.cn](mailto:23210860056@m.fudan.edu.cn))

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

hjson-py stack exhaustion vulnerability #38

Summary

Description

Patch

Thanks

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

hjson-py stack exhaustion vulnerability #38

Description

Summary

Description

Patch

Thanks

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions