HIGH
Faraday Project
CVE published 2026-06-24
CVE-2026-54297
CVE-2026-54297 is a HIGH severity vulnerability in Faraday, an HTTP client library abstraction layer. The vulnerability allows for denial of service via a deeply nested Ruby Hash structure. Faraday::NestedParamsEncoder, the default nested query parameter encoder/decoder in Faraday, decodes nested query strings without enforcing a maximum nesting depth. A crafted query string causes Faraday to build a deep [truncated]
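One way to bound nesting depth before a query string reaches `Faraday::NestedParamsEncoder.decode`, shown as an added example that is not Faraday's own code or the project's fix. The names `MAX_PARAM_DEPTH`, `ParamDepthError`, `max_query_depth` and `assert_query_depth!` are hypothetical, and the limit of 8 is an assumed value the advisory does not give.

```ruby
# Pre-decode guard: reject query strings whose keys nest too deeply.
# Added example; all names and the limit below are assumptions.
MAX_PARAM_DEPTH = 8 # assumed limit, tune to what the application really needs

class ParamDepthError < ArgumentError; end

# Largest bracket depth among the keys of a raw query string.
# Counts literal "[" and percent-encoded "%5B" (any case) in the key part only,
# so brackets inside a value are ignored and malformed %-escapes cannot raise.
# This is a conservative upper bound: every "[" may open one more level.
def max_query_depth(query)
  query.to_s.split("&").reject(&:empty?).map do |pair|
    raw_key = pair.split("=", 2).first.to_s
    raw_key.scan(/\[|%5b/i).size
  end.max || 0
end

# Returns the query unchanged when it is within the limit, raises otherwise.
# Call this first, then pass the result to the nested-params decoder.
def assert_query_depth!(query, limit: MAX_PARAM_DEPTH)
  depth = max_query_depth(query)
  if depth > limit
    raise ParamDepthError, "query nesting depth #{depth} exceeds limit #{limit}"
  end
  query
end

# Constructed sample inputs (not taken from the advisory).
SAMPLE_OK   = "user[name]=alice&user[tags][]=admin&page=2"
SAMPLE_DEEP = "a" + "[x]" * 12 + "=1"
SAMPLE_ENC  = "a" + "%5Bx%5D" * 12 + "=1"

if __FILE__ == $PROGRAM_NAME
  [SAMPLE_OK, SAMPLE_DEEP, SAMPLE_ENC].each do |q|
    begin
      assert_query_depth!(q)
      puts "accepted depth=#{max_query_depth(q)}"
    rescue ParamDepthError => e
      puts "rejected: #{e.message}"
    end
  end
end
```

The guard works on the raw string, so it runs in time linear in the input and never builds the nested structure it is measuring.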