{"id":"GO-2022-0965","summary":"Unbounded recursion in JSON parsing in k8s.io/apimachinery","details":"Unbounded recursion in JSON parsing allows malicious JSON input to cause excessive memory consumption or panics.","aliases":["GHSA-74fp-r6jw-h4mp"],"modified":"2026-02-04T02:40:15.483575Z","published":"2022-09-02T21:12:51Z","related":["CGA-q6h9-3c8f-6fh3"],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2022-0965","review_status":"REVIEWED"},"references":[{"type":"FIX","url":"https://github.com/kubernetes/kubernetes/pull/83261"},{"type":"WEB","url":"https://github.com/advisories/GHSA-pmqp-h87c-mr78"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11253"}],"affected":[{"package":{"name":"k8s.io/apimachinery","ecosystem":"Go","purl":"pkg:golang/k8s.io/apimachinery"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.0.0-20190927203648-9ce6eca90e73"}]}],"ecosystem_specific":{"imports":[{"symbols":["Serializer.Decode","Serializer.Encode","customNumberDecoder.Decode"],"path":"k8s.io/apimachinery/pkg/runtime/serializer/json"},{"symbols":["Unmarshal"],"path":"k8s.io/apimachinery/pkg/util/json"}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2022-0965.json"}}],"schema_version":"1.7.3"}