tainted-json-aws-lambda
The application may convert user-controlled data into a JSON object, which can lead the decoder to consume considerable CPU and memory resources, potentially causing DoS (Denial of Service). The documentation for the json package recommends limiting the size of data to be parsed.
Likelihood: MEDIUM
Confidence: HIGH
CWE:
- CWE-502: Deserialization of Untrusted Data
OWASP:
- A08:2017 - Insecure Deserialization
- A08:2021 - Software and Data Integrity Failures
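
One way to apply the recommended size limit in a handler, as an added example that is not part of the rule's own text. The API Gateway proxy event fields (`body`, `isBase64Encoded`), the 64 KiB cap and the names `parse_body` and `BodyRejected` are assumptions.

```python
import base64
import json

MAX_BODY_BYTES = 64 * 1024  # assumed cap; size it to the largest legitimate request


class BodyRejected(Exception):
    """Request body refused; carries the HTTP status to return."""

    def __init__(self, status, reason):
        super().__init__(reason)
        self.status = status


def parse_body(event, limit=MAX_BODY_BYTES):
    """Decode the JSON body, refusing oversized input before json.loads sees it."""
    raw = event.get("body") or ""
    if not isinstance(raw, str):
        raise BodyRejected(400, "body must be a string")
    encoded = bool(event.get("isBase64Encoded"))
    # Cheap pre-check: base64 text is 4/3 the size of its payload, and a str
    # never has more characters than UTF-8 bytes.
    if len(raw) > ((limit + 2) // 3 * 4 if encoded else limit):
        raise BodyRejected(413, "body too large")
    try:
        data = base64.b64decode(raw, validate=True) if encoded else raw.encode("utf-8")
    except ValueError:  # binascii.Error and UnicodeEncodeError both derive from it
        raise BodyRejected(400, "undecodable body") from None
    if len(data) > limit:  # exact check on the bytes the parser would receive
        raise BodyRejected(413, "body too large")
    try:
        return json.loads(data)
    except RecursionError:  # deep nesting can exhaust the stack under the size cap
        raise BodyRejected(400, "nesting too deep") from None
    except ValueError:  # JSONDecodeError and UnicodeDecodeError
        raise BodyRejected(400, "invalid JSON") from None


def handler(event, context):
    """Lambda entry point: map a rejected body to an error response."""
    try:
        payload = parse_body(event)
    except BodyRejected as exc:
        return {"statusCode": exc.status, "body": json.dumps({"error": str(exc)})}
    return {"statusCode": 200, "body": json.dumps({"type": type(payload).__name__})}
```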