Investigate vulnerability: protobuf-python has a potential Denial of Service issue
Issue created from vulnerability [14](https://labs.etsi.org/rep/ocf/capif/-/security/vulnerabilities/14)
### Description:
Any project that uses the Protobuf pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of **recursive groups**, **recursive messages** or **a series of [`SGROUP`](https://protobuf.dev/programming-guides/encoding/#groups) tags** can be corrupted by exceeding the Python recursion limit.
Reporter: Alexis Challande, Trail of Bits Ecosystem Security Team
[ecosystem@trailofbits.com](mailto:ecosystem@trailofbits.com)
* Severity: unknown
* Location: [services/TS29222_CAPIF_API_Invoker_Management_API/requirements.txt](https://labs.etsi.org/rep/rep/ocf/capif/-/blob/e0aeae5bfbf96a27a90486a702b28d9f3621ce1c/services/TS29222_CAPIF_API_Invoker_Management_API/requirements.txt)
### Solution:
Upgrade to versions 4.25.8, 5.29.5, 6.31.1 or above.
### Identifiers:
* [CWE-937](https://cwe.mitre.org/data/definitions/937.html)
* [CWE-1035](https://cwe.mitre.org/data/definitions/1035.html)
* Gemnasium-0aea0b39-50bb-4660-ad1f-22ce501a3c8f
* [CVE-2025-4565](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4565)
* [GHSA-8qvm-5x2c-j2w7](https://github.com/advisories/GHSA-8qvm-5x2c-j2w7)
* [CWE-674](https://cwe.mitre.org/data/definitions/674.html)
### Scanner:
* Name: gemnasium-python