Publish GHSA-hx9q-6w63-j58v

Author: advisory-database[bot]

advisories/github-reviewed/2026/01/GHSA-hx9q-6w63-j58v/GHSA-hx9q-6w63-j58v.json

@@ -1,17 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-hx9q-6w63-j58v",
-  "modified": "2026-01-23T16:56:03Z",
+  "modified": "2026-03-12T20:49:09Z",
   "published": "2026-01-22T18:30:33Z",
   "aliases": [
     "CVE-2025-67221"
   ],
   "summary": "orjson does not limit recursion for deeply nested JSON documents",
-  "details": "The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents.",
+  "details": "The orjson.dumps function in orjson before 3.11.6 does not limit recursion for deeply nested JSON documents.",
   "severity": [
     {
       "type": "CVSS_V4",
-      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P"
     }
   ],
   "affected": [
@@ -28,7 +28,7 @@
               "introduced": "0"
             },
             {
-              "last_affected": "3.11.4"
+              "fixed": "3.11.6"
             }
           ]
         }
@@ -48,6 +48,10 @@
       "type": "WEB",
       "url": "https://github.com/kpatsakis/CVE-2025-67221/issues/1"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/ijl/orjson/commit/62bb185b70785ded49c79c26f8c9781f1e6fe370"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/ijl/orjson"
@@ -61,7 +65,7 @@
     "cwe_ids": [
       "CWE-770"
     ],
-    "severity": "MODERATE",
+    "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2026-01-22T18:55:43Z",
     "nvd_published_at": "2026-01-22T17:16:01Z"