Home

Description

The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents.

PUBLISHED Reserved 2025-12-08 | Published 2026-01-22 | Updated 2026-01-22 | Assigner mitre

References

github.com/kpatsakis/orjson_vulnerability

github.com/ijl/orjson

cve.org (CVE-2025-67221)

nvd.nist.gov (CVE-2025-67221)

Download JSON