Upload README.md with huggingface_hub
README.md
ADDED
|
@@ -0,0 +1,17 @@
| 1 |
+
# JSON Model File DoS and Prototype Pollution PoC
|
| 2 |
+
|
| 3 |
+
## Vulnerability
|
| 4 |
+
DoS via deeply nested/large JSON + prototype pollution for JS-based ML tools
|
| 5 |
+
|
| 6 |
+
## Files
|
| 7 |
+
- `poc_deep_nest.json` — 10,000 levels deep, causes stack overflow on json.load()
|
| 8 |
+
- `poc_huge_object.json` — 100K keys, causes excessive memory/CPU on parsing
|
| 9 |
+
- `poc_prototype_pollution.json` — __proto__ pollution payload for TF.js/Node consumers
|
| 10 |
+
|
| 11 |
+
## Reproduce
|
| 12 |
+
```python
|
| 13 |
+
import json
|
| 14 |
+
# Stack overflow from deep nesting:
|
| 15 |
+
with open('poc_deep_nest.json') as f:
|
| 16 |
+
json.load(f) # RecursionError
|
| 17 |
+
```
|
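Review bot: The Files entry for `poc_deep_nest.json` says it "causes stack overflow on json.load()", but the Reproduce block's own comment gives the outcome as `RecursionError`, which is a catchable Python exception rather than a process crash; the Files wording should match that and state the real impact on a consumer that does or does not catch it. The Reproduce section also covers only one of the three listed files: add steps for `poc_huge_object.json` (with the observed memory or CPU cost) and for `poc_prototype_pollution.json`, and name the specific TF.js/Node consumer and version affected, since the Vulnerability line only says "JS-based ML tools" and the Python snippet cannot demonstrate prototype pollution.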