It is recommended to avoid using aeson when it is possible to receive input data directly from the server. A remote attacker could still produce a hash collision using a timing attack by sending a large number of requests to a service using aeson. In a cloud environment, this issue could be amplified since there is no way to control the server software version.

Reverse geocoding is a popular use case of aeson. It is considered a best practice to avoid using aeson in production due to its high potential for misuse.

Avoid Numbers in User Inputs

Timeline

Published on: 10/10/2022 22:15:00 UTC
Last modified on: 10/11/2022 18:58:00 UTC

References