GHSA-pqhp-25j4-6hq9
MEDIUMsmol-toml has a Denial of Service via malicious TOML document using deeply nested inline tables
Blast Radius
Weekly download volume for affected packages — a proxy for how broadly this vulnerability is deployed.
smol-tomlnpmDescription
Summary
An attacker can send a maliciously crafted TOML to cause the parser to crash because of a stack overflow caused by a deeply nested inline structure. A similar problem occurs when attempting to stringify deeply nested objects.
The library does not limit the maximum exploration depth while parsing or producing TOML documents, nor does it offer a way to do so.
Proof of concept
require("smol-toml").parse("e=" + "{e=".repeat(9999) + "{}" + "}".repeat(9999))
Impact
Applications which parse arbitrary TOML documents may suffer availability issues if they receive malicious input. If uncaught, the crash may cause the application itself to crash. The impact is deemed minor, as the function is already likely to throw errors on invalid input and therefore to properly handle errors.
Due to the design of most JavaScript runtimes, the uncontrolled recursion does not lead to excessive memory usage and the execution is quickly aborted.
As a reminder, it is strongly advised when working with untrusted user input to expect errors to occur and to appropriately catch them.
Patches
Version 1.3.1 offers a mechanism to limit the exploration depth before halting with a TomlError when parsing, with a default cap of 1000. A same mechanism has been implemented for stringifying objects.
Please note that the parser will still throw an error upon such cases. It is, however, a now-controlled and documented behavior of the library.
Workarounds
Wrap all invocations of parse and stringify in a try/catch block.
Affected Packages
| Ecosystem | Package | Vulnerable range | Fix |
|---|---|---|---|
| 📦npm | smol-toml | all versions | 1.3.1 |
Detection & mitigation playbook
Open-source dependencyDetect
Scan your dependency tree (package-lock.json, pnpm-lock.yaml, requirements.txt, go.sum, etc.) for smol-toml. O3's reachability analysis confirms whether the vulnerable code path is actually invoked in your application, so you act on real exposure instead of every transitive match.
Fix
Update smol-toml to 1.3.1 or later, then make sure no transitive (indirect) dependency still pins the vulnerable range — O3 confirms GHSA-pqhp-25j4-6hq9 is resolved across your whole dependency graph.
Workarounds
If you can't upgrade right away: gate or disable the affected feature, validate untrusted input at the boundary, and avoid passing attacker-controlled data into the vulnerable path. O3's runtime protection blocks exploitation in production as an interim safeguard until the upgrade lands.
How O3 protects you
O3 pinpoints whether GHSA-pqhp-25j4-6hq9 is reachable in your code and exactly where to fix it, then blocks exploitation in production at runtime until the patched version is deployed.
Tailored to GHSA-pqhp-25j4-6hq9. Runtime protection reduces exposure until a permanent patch is applied and verified — it complements patching, it doesn't replace it.
Frequently Asked Questions
Is GHSA-pqhp-25j4-6hq9 in your dependencies?
O3 detects GHSA-pqhp-25j4-6hq9 across npm dependencies and uses function-level reachability to confirm whether the vulnerable code path is actually reachable — not just present. No false positives.