I got notified about this vulnerability, it claims to allow potential denial of service attacks: GHSA-h9q6-hc68-35rp
As of now, I don't see a patched release in the msgpack repository, but I wanted to open a discussion here. Is JSON performing significantly worse for metrics?
It seems like the vulnerability could be executed only if VMMetrics are enabled through wasmd options on chain.
I got notified about this vulnerability, it claims to allow potential denial of service attacks: GHSA-h9q6-hc68-35rp
As of now, I don't see a patched release in the msgpack repository, but I wanted to open a discussion here. Is JSON performing significantly worse for metrics?
It seems like the vulnerability could be executed only if VMMetrics are enabled through wasmd options on chain.