Tainted-json-aws-lambda
The application may parse user-controlled data as JSON, which can cause the decoder to consume considerable CPU and memory resources, potentially leading to denial of service (DoS). The documentation for the json package recommends limiting the size of the data to be parsed.
Likelihood: MEDIUM
Confidence: HIGH
CWE:
- CWE-502: Deserialization of Untrusted Data
OWASP:
- A08:2017 - Insecure Deserialization
- A08:2021 - Software and Data Integrity Failures
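The size limit recommended above, shown as an added example that is not CodeAnt's rule code or test fixture: a handler that passes event data straight to json.loads next to one that bounds it first. It assumes an API Gateway proxy event (body and isBase64Encoded fields); the handler names, the 64 KiB cap and the response shape are assumptions.

```python
import base64
import json

MAX_BODY_BYTES = 64 * 1024  # assumed cap; size it to the largest legitimate request


def _reply(status, payload):
    return {"statusCode": status, "body": json.dumps(payload)}


def handler_unbounded(event, context):
    # Flagged pattern: event data reaches json.loads with no size check.
    data = json.loads(event["body"])
    return _reply(200, {"keys": sorted(data)})


def handler_bounded(event, context):
    body = event.get("body") or ""
    if not isinstance(body, str):
        return _reply(400, {"error": "body must be a string"})
    # Reject on length before any decoding or parsing work is done.
    # Base64 inflates data by 4/3, so the encoded form gets a scaled cap.
    b64 = bool(event.get("isBase64Encoded"))
    cap = (4 * MAX_BODY_BYTES) // 3 + 4 if b64 else MAX_BODY_BYTES
    if len(body) > cap:
        return _reply(413, {"error": "body too large"})
    try:
        raw = base64.b64decode(body, validate=True) if b64 else body.encode("utf-8")
    except ValueError:
        return _reply(400, {"error": "undecodable body"})
    # Multi-byte characters make the byte length exceed the character count.
    if len(raw) > MAX_BODY_BYTES:
        return _reply(413, {"error": "body too large"})
    try:
        data = json.loads(raw)
    except (ValueError, RecursionError):
        # Malformed JSON, bad UTF-8, or nesting deep enough to exhaust the stack.
        return _reply(400, {"error": "invalid JSON"})
    if not isinstance(data, dict):
        return _reply(400, {"error": "expected a JSON object"})
    return _reply(200, {"keys": sorted(data)})
```

A byte cap bounds parser input but not nesting depth, which is why RecursionError is caught alongside the decode errors.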