Why issue:
An attacker sends a very large JSON message (like 100MB) to the server.
The server tries to parse it immediately on the main thread, which takes a long time and blocks everything else.
During that time, no other users can use the system, causing a Denial of Service.
Issue: JSON.parse(raw) is called on the main thread without checking payload size.
Fix: Check data.length before parsing and reject messages larger than a specific limit (e.g., 10KB).
Why?: An attacker can send a massive JSON string (e.g., 100MB), causing the single-threaded server to freeze while parsing it (Denial of Service).
Steps to Reproduce
N/A
Expected Behavior
N/A
Desktop Operating System
Windows 10
Mobile Device (Client)
N/A
Rein Version
1
Console Logs / Error Messages
Screenshots / Recordings
N/A
Checklist
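One way to implement the size check proposed in this report, as an added example that is not the project's own code: `parseBounded`, `payloadBytes`, `toBuffer` and `MAX_MESSAGE_BYTES` are hypothetical names, and the 10 KB limit is the example value from the report. It counts bytes rather than `data.length`, so multi-byte characters, binary frames and chunked payloads are all measured before `JSON.parse` runs.

```javascript
// Added example: all names here are hypothetical, not taken from the project.
// The 10 KB limit is the example value from the report; tune it to real message sizes.
const MAX_MESSAGE_BYTES = 10 * 1024;

// Size of the payload in bytes, computed without parsing it. Returns -1 for unsupported types.
function payloadBytes(data) {
  if (typeof data === 'string') return Buffer.byteLength(data, 'utf8');
  if (data instanceof ArrayBuffer || ArrayBuffer.isView(data)) return data.byteLength;
  if (!Array.isArray(data)) return -1;
  let total = 0;
  for (const chunk of data) { // payload delivered as a list of chunks
    const n = payloadBytes(chunk);
    if (n < 0) return -1;
    total += n;
  }
  return total;
}

// Normalise any supported payload type to a single Buffer.
function toBuffer(data) {
  if (typeof data === 'string') return Buffer.from(data, 'utf8');
  if (data instanceof ArrayBuffer) return Buffer.from(data);
  if (ArrayBuffer.isView(data)) return Buffer.from(data.buffer, data.byteOffset, data.byteLength);
  return Buffer.concat(data.map(toBuffer));
}

// Reject oversized or malformed input before it reaches JSON.parse on the main thread.
function parseBounded(data, maxBytes = MAX_MESSAGE_BYTES) {
  const size = payloadBytes(data);
  if (size < 0) return { ok: false, reason: 'unsupported-type' };
  if (size > maxBytes) return { ok: false, reason: 'too-large', size };
  try {
    const text = typeof data === 'string' ? data : toBuffer(data).toString('utf8');
    return { ok: true, value: JSON.parse(text) };
  } catch {
    return { ok: false, reason: 'invalid-json' };
  }
}

// Constructed sample inputs: a normal message and an oversized one.
console.log(parseBounded('{"type":"move","x":1}'));
console.log(parseBounded('{"pad":"' + 'A'.repeat(20000) + '"}'));
```

A check like this runs after the whole message is already in memory, so it should be paired with a transport-level frame or body size limit where the server's networking layer offers one.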