# JSON Model File DoS and Prototype Pollution PoC

## Vulnerability

DoS via deeply nested or very large JSON, plus prototype pollution for JS-based ML tools.

## Files

- `poc_deep_nest.json`: 10,000 levels deep, causes stack overflow on `json.load()`
- `poc_huge_object.json`: 100K keys, causes excessive memory/CPU on parsing
- `poc_prototype_pollution.json`: `__proto__` pollution payload for TF.js/Node consumers

## Reproduce

```python
import json

# Stack overflow from deep nesting:
with open('poc_deep_nest.json') as f:
    json.load(f)  # RecursionError
```
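A loader-side guard against all three PoC files, as an added example that is not part of the original PoC or of any project's code. The function names, the limit values, and the extra `constructor`/`prototype` entries in the deny-list are assumptions made for illustration.

```python
import json

MAX_BYTES = 10 * 1024 * 1024  # all limits here are assumed values; tune per format
MAX_DEPTH = 64
MAX_KEYS = 10_000
FORBIDDEN_KEYS = {"__proto__", "constructor", "prototype"}

class UnsafeModelJSON(ValueError):
    """A model file exceeded a limit or carried a prototype-pollution key."""

def max_nesting(text, limit=MAX_DEPTH):
    """Measure bracket depth with a loop (no recursion), ignoring string bodies."""
    depth = deepest = 0
    in_string = escaped = False
    for ch in text:
        if in_string:
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
        elif ch == '"':
            in_string = True
        elif ch in "[{":
            depth += 1
            deepest = max(deepest, depth)
            if depth > limit:
                raise UnsafeModelJSON(f"nesting deeper than {limit} levels")
        elif ch in "]}":
            depth -= 1
    return deepest

def _check_object(pairs):
    # Runs after the parser has decoded escapes, so "\u005f_proto__" is caught too.
    if len(pairs) > MAX_KEYS:  # pairs still includes duplicate keys
        raise UnsafeModelJSON(f"object has more than {MAX_KEYS} keys")
    bad = FORBIDDEN_KEYS.intersection(key for key, _ in pairs)
    if bad:
        raise UnsafeModelJSON(f"forbidden key(s): {sorted(bad)}")
    return dict(pairs)

def safe_load_model_json(raw):
    """Parse untrusted model JSON bytes only after the structural checks pass."""
    if len(raw) > MAX_BYTES:  # bounds parse cost before any parsing happens
        raise UnsafeModelJSON(f"file larger than {MAX_BYTES} bytes")
    text = raw.decode("utf-8")
    max_nesting(text)
    return json.loads(text, object_pairs_hook=_check_object)
```

The key-count check runs only after each object has been parsed, so the byte cap is what bounds memory and CPU up front. Rejecting `__proto__` in Python matters when the same file is later handed to a TF.js/Node consumer.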