Security context

What an agent needs to avoid regressing past fixes and find the next vuln in this repo.

cloudflare/capnweb
main @ bc4bc45
4
Fixes
0
CVEs
HIGH
Peak severity
Highlights
Denial of Service: 2 prior fixes. Scrutinize any change in this area.
src/serialize.ts: most-fixed (2 issues). Treat as high-risk during review.
4 high-severity fixes in this history; regressions here are high-impact.
Recurring patterns

The bug types that recur here, drawn from past fixes, not open vulnerabilities.

Denial of Service: Deserialization of untrusted RPC messages can lead to CPU and memory exhaustion if limits on message size, recursion nesting depth, and BigInt representation lengths are not enforced.
Prototype Pollution: During error deserialization, malicious payloads containing Object.prototype keys can hijack execution flow or cause type-confusion unless filtered or loaded into null-prototype maps.
Auth Bypass: Attackers can bypass input validation mechanisms by accessing undeclared target properties or calling private platform methods unless restricted by an explicit, strictly-enforced RPC target allowlist.