hjson-py stack exhaustion vulnerability

Open scacaca opened this issue 9 months ago • 0 comments

Summary

A DoS vulnerability in hjson-py caused by crafted objects that contain deeply nested structures.

Description

An issue discovered in the latest hjson-py allows attackers to cause a denial of service or other unspecified impacts via crafted objects that contain deeply nested structures. There is a similar vulnerability, but hjson-py has no similar fix logic. The relevant code is in file1, e.g. parse_object, parse_array, parse_string, scan_object_once.

Patch

There is a similar fix logic: limit parse depth.

Thanks

Thanks to YangChao Liu ([email protected])

scacaca, Mar 16 '25 09:03
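
The fix the issue proposes, limiting parse depth, shown as an added example that is not part of the original issue and not hjson-py's code. It is a toy recursive-descent parser for a JSON subset; the names `parse`, `DepthLimitError` and `max_depth`, and the default limit of 64, are assumptions.

```python
# Toy recursive-descent parser for a JSON subset (constructed; not hjson-py code).
class DepthLimitError(ValueError):
    """Input nests deeper than max_depth."""

def _skip(s, i):
    while i < len(s) and s[i] in " \t\r\n":
        i += 1
    return i

def _value(s, i, depth, max_depth):
    if i >= len(s):
        raise ValueError("unexpected end of input")
    if s[i] in "[{":
        # Check before recursing, so the call stack stays bounded by max_depth.
        if depth >= max_depth:
            raise DepthLimitError("nesting deeper than %d at offset %d" % (max_depth, i))
        return _container(s, i, depth + 1, max_depth)
    if s[i] == '"':
        end = s.index('"', i + 1)  # no escapes in this subset
        return s[i + 1:end], end + 1
    j = i + 1 if s[i] == "-" else i
    while j < len(s) and s[j].isdigit():
        j += 1
    return int(s[i:j]), j  # ValueError if not an integer

def _container(s, i, depth, max_depth):
    is_obj, items = s[i] == "{", []
    close = "}" if is_obj else "]"
    i = _skip(s, i + 1)
    while i < len(s) and s[i] != close:
        if is_obj:
            key, i = _value(s, i, depth, max_depth)
            i = _skip(s, i)
            if not isinstance(key, str) or s[i:i + 1] != ":":
                raise ValueError("expected string key and ':' near offset %d" % i)
            i = _skip(s, i + 1)
        item, i = _value(s, i, depth, max_depth)
        items.append((key, item) if is_obj else item)
        i = _skip(s, i)
        if s[i:i + 1] == ",":
            i = _skip(s, i + 1)
    if i >= len(s):
        raise ValueError("unterminated container")
    return (dict(items) if is_obj else items), i + 1

def parse(text, max_depth=64):  # 64 is an assumed limit, far below Python's recursion limit
    value, pos = _value(text, _skip(text, 0), 0, max_depth)
    if _skip(text, pos) != len(text):
        raise ValueError("trailing data at offset %d" % pos)
    return value
```

With the guard in place, over-nested input fails with a catchable `DepthLimitError` after at most `max_depth` levels of recursion instead of exhausting the interpreter stack.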