{"id":"GO-2025-3533","summary":"Improper Handling of Highly Compressed Data (Data Amplification) in github.com/getkin/kin-openapi/openapi3filter","details":"Improper Handling of Highly Compressed Data (Data Amplification) in github.com/getkin/kin-openapi/openapi3filter","aliases":["CVE-2025-30153","GHSA-wq9g-9vfc-cfq9"],"modified":"2026-02-04T03:18:30.751325Z","published":"2025-03-26T17:24:24Z","related":["CGA-2496-32ph-55j5"],"database_specific":{"review_status":"REVIEWED","url":"https://pkg.go.dev/vuln/GO-2025-3533"},"references":[{"type":"ADVISORY","url":"https://github.com/getkin/kin-openapi/security/advisories/GHSA-wq9g-9vfc-cfq9"},{"type":"FIX","url":"https://github.com/getkin/kin-openapi/commit/67f0b233ffc01332f7d993f79490fbea5f4455f1"},{"type":"FIX","url":"https://github.com/getkin/kin-openapi/pull/1059"},{"type":"WEB","url":"https://github.com/getkin/kin-openapi/blob/6da871e0e170b7637eb568c265c08bc2b5d6e7a3/openapi3filter/req_resp_decoder.go#L1275"},{"type":"WEB","url":"https://github.com/getkin/kin-openapi/blob/6da871e0e170b7637eb568c265c08bc2b5d6e7a3/openapi3filter/req_resp_decoder.go#L1523"},{"type":"WEB","url":"https://github.com/getkin/kin-openapi?tab=readme-ov-file#custom-content-type-for-body-of-http-requestresponse"}],"affected":[{"package":{"name":"github.com/getkin/kin-openapi","ecosystem":"Go","purl":"pkg:golang/github.com/getkin/kin-openapi"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.131.0"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/getkin/kin-openapi/openapi3filter","symbols":["ValidateParameter","ValidateRequest","ValidateRequestBody","ValidateResponse","ValidationHandler.ServeHTTP","csvBodyDecoder","joinValues","multipartBodyDecoder","plainBodyDecoder","urlencodedBodyDecoder","yamlBodyDecoder","zipFileBodyDecoder"]}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-3533.json"}}],"schema_version":"1.7.3"}