data/reports/GO-2025-3533.yaml - vulndb - Git at Google

 id: GO-2025-3533
 modules:
     - module: github.com/getkin/kin-openapi
       versions:
         - fixed: 0.131.0
       vulnerable_at: 0.130.0
       packages:
         - package: github.com/getkin/kin-openapi/openapi3filter
           symbols:
             - plainBodyDecoder
             - yamlBodyDecoder
             - urlencodedBodyDecoder
             - multipartBodyDecoder
             - zipFileBodyDecoder
             - csvBodyDecoder
             - joinValues
           derived_symbols:
             - ValidateParameter
             - ValidateRequest
             - ValidateRequestBody
             - ValidateResponse
             - ValidationHandler.ServeHTTP
 summary: |-
     Improper Handling of Highly Compressed Data (Data Amplification) in
     github.com/getkin/kin-openapi/openapi3filter
 cves:
     - CVE-2025-30153
 ghsas:
     - GHSA-wq9g-9vfc-cfq9
 references:
     - advisory: https://github.com/getkin/kin-openapi/security/advisories/GHSA-wq9g-9vfc-cfq9
     - fix: https://github.com/getkin/kin-openapi/commit/67f0b233ffc01332f7d993f79490fbea5f4455f1
     - fix: https://github.com/getkin/kin-openapi/pull/1059
     - web: https://github.com/getkin/kin-openapi/blob/6da871e0e170b7637eb568c265c08bc2b5d6e7a3/openapi3filter/req_resp_decoder.go#L1275
     - web: https://github.com/getkin/kin-openapi/blob/6da871e0e170b7637eb568c265c08bc2b5d6e7a3/openapi3filter/req_resp_decoder.go#L1523
     - web: https://github.com/getkin/kin-openapi?tab=readme-ov-file#custom-content-type-for-body-of-http-requestresponse
 source:
     id: GHSA-wq9g-9vfc-cfq9
     created: 2025-03-25T12:09:20.279707-04:00
 review_status: REVIEWED
	id: GO-2025-3533
	modules:
	- module: github.com/getkin/kin-openapi
	versions:
	- fixed: 0.131.0
	vulnerable_at: 0.130.0
	packages:
	- package: github.com/getkin/kin-openapi/openapi3filter
	symbols:
	- plainBodyDecoder
	- yamlBodyDecoder
	- urlencodedBodyDecoder
	- multipartBodyDecoder
	- zipFileBodyDecoder
	- csvBodyDecoder
	- joinValues
	derived_symbols:
	- ValidateParameter
	- ValidateRequest
	- ValidateRequestBody
	- ValidateResponse
	- ValidationHandler.ServeHTTP
	summary: \|-
	Improper Handling of Highly Compressed Data (Data Amplification) in
	github.com/getkin/kin-openapi/openapi3filter
	cves:
	- CVE-2025-30153
	ghsas:
	- GHSA-wq9g-9vfc-cfq9
	references:
	- advisory: https://github.com/getkin/kin-openapi/security/advisories/GHSA-wq9g-9vfc-cfq9
	- fix: https://github.com/getkin/kin-openapi/commit/67f0b233ffc01332f7d993f79490fbea5f4455f1
	- fix: https://github.com/getkin/kin-openapi/pull/1059
	- web: https://github.com/getkin/kin-openapi/blob/6da871e0e170b7637eb568c265c08bc2b5d6e7a3/openapi3filter/req_resp_decoder.go#L1275
	- web: https://github.com/getkin/kin-openapi/blob/6da871e0e170b7637eb568c265c08bc2b5d6e7a3/openapi3filter/req_resp_decoder.go#L1523
	- web: https://github.com/getkin/kin-openapi?tab=readme-ov-file#custom-content-type-for-body-of-http-requestresponse
	source:
	id: GHSA-wq9g-9vfc-cfq9
	created: 2025-03-25T12:09:20.279707-04:00
	review_status: REVIEWED