The json.decode function in util/json.lua in Prosody 0.8.x prior to 0.8.1 might allow remote malicious users to cause a denial of service (infinite loop) via invalid JSON data, as demonstrated by truncated data.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
prosody prosody 0.8.0 |