CVE-2024-58103 Vulnerabilities

[s-yonkov-yonkov]

Published Vulnerabilities:
CVE: CVE-2024-58103

Square Wire before 5.2.0 does not enforce a recursion limit on nested groups in ByteArrayProtoReader32.kt and ProtoReader.kt.

[Kehrlann]

Since we read from a well-known API, I do not think the threat profile is high.

This is a medium-score, I'm going to close this and we'll upgrade versions in a later release as part of maintenance.