GHSA-7MW3-79JQ-XC7F

Vulnerability from github – Published: 2026-05-06 22:06 – Updated: 2026-05-06 22:06
VLAI
Summary
aiograpi has dependency on vulnerable orjson 3.11.4 (CVE-2025-67221)
Details

Impact

aiograpi 0.6.6 / 0.7.0 / 0.7.1 declared orjson==3.11.6 (and later ==3.11.8) in requirements.txt but setup.py carried a hard-coded duplicate requirements = [...] list that was never updated and still pinned orjson==3.11.4.

When setuptools builds the source distribution it reads the metadata from setup.py, not from requirements.txt. So pip install aiograpi==0.6.6 (or 0.7.0 / 0.7.1) actually pulls orjson==3.11.4 — a version vulnerable to CVE-2025-67221 (stack overflow in orjson.dumps on deeply nested JSON inputs).

Practical exploitability

Low in the typical aiograpi flow: orjson is used to encode request bodies aiograpi itself constructs and to decode responses returned by Instagram. An attacker would need to coerce aiograpi to encode an attacker-controlled deeply-nested Python structure or to decode an attacker-supplied stream — not the normal call shape.

However any caller doing client.public_request(...) or similar with caller-controlled payloads, or any caller passing aiograpi-decoded last_json into recursive serialization, may hit the unbounded recursion. The patched orjson rejects deeply-nested inputs cleanly.

Patches

Fixed in aiograpi 0.7.2 by migrating to pyproject.toml (PEP 621) — single source of truth for dependencies. PyPI installs of 0.7.2 and later resolve orjson==3.11.8 correctly.

Workarounds

Force-install a non-vulnerable orjson alongside the affected aiograpi version:

pip install 'aiograpi==0.7.1' 'orjson>=3.11.6'

Or just upgrade to a fixed aiograpi:

pip install -U 'aiograpi>=0.7.2'

Resources

  • orjson CVE-2025-67221 advisory: https://github.com/ijl/orjson/security/advisories
  • aiograpi 0.7.2 changelog (security section): https://github.com/subzeroid/aiograpi/blob/main/CHANGELOG.md#072--2026-04-27
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "aiograpi"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.6.6"
            },
            {
              "fixed": "0.7.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-770"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-06T22:06:11Z",
    "nvd_published_at": null,
    "severity": "LOW"
  },
  "details": "## Impact\n\naiograpi 0.6.6 / 0.7.0 / 0.7.1 declared `orjson==3.11.6` (and later `==3.11.8`) in `requirements.txt` but `setup.py` carried a hard-coded duplicate `requirements = [...]` list that was never updated and still pinned `orjson==3.11.4`.\n\nWhen `setuptools` builds the source distribution it reads the metadata from `setup.py`, not from `requirements.txt`. So `pip install aiograpi==0.6.6` (or 0.7.0 / 0.7.1) actually pulls `orjson==3.11.4` \u2014 a version vulnerable to **CVE-2025-67221** (stack overflow in `orjson.dumps` on deeply nested JSON inputs).\n\n## Practical exploitability\n\nLow in the typical aiograpi flow: `orjson` is used to encode request bodies aiograpi itself constructs and to decode responses returned by Instagram. An attacker would need to coerce aiograpi to encode an attacker-controlled deeply-nested Python structure or to decode an attacker-supplied stream \u2014 not the normal call shape.\n\nHowever any caller doing `client.public_request(...)` or similar with caller-controlled payloads, or any caller passing aiograpi-decoded `last_json` into recursive serialization, may hit the unbounded recursion. The patched orjson rejects deeply-nested inputs cleanly.\n\n## Patches\n\nFixed in **aiograpi 0.7.2** by migrating to `pyproject.toml` (PEP 621) \u2014 single source of truth for dependencies. PyPI installs of 0.7.2 and later resolve `orjson==3.11.8` correctly.\n\n## Workarounds\n\nForce-install a non-vulnerable orjson alongside the affected aiograpi version:\n\n```\npip install \u0027aiograpi==0.7.1\u0027 \u0027orjson\u003e=3.11.6\u0027\n```\n\nOr just upgrade to a fixed aiograpi:\n\n```\npip install -U \u0027aiograpi\u003e=0.7.2\u0027\n```\n\n## Resources\n\n- orjson CVE-2025-67221 advisory: https://github.com/ijl/orjson/security/advisories\n- aiograpi 0.7.2 changelog (security section): https://github.com/subzeroid/aiograpi/blob/main/CHANGELOG.md#072--2026-04-27",
  "id": "GHSA-7mw3-79jq-xc7f",
  "modified": "2026-05-06T22:06:11Z",
  "published": "2026-05-06T22:06:11Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/subzeroid/aiograpi/security/advisories/GHSA-7mw3-79jq-xc7f"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ijl/orjson/security/advisories"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/subzeroid/aiograpi"
    },
    {
      "type": "WEB",
      "url": "https://github.com/subzeroid/aiograpi/blob/main/CHANGELOG.md#072--2026-04-27"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "aiograpi has dependency on vulnerable orjson 3.11.4 (CVE-2025-67221)"
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…