infinite recursive loops in unwrapFEELValue() #29

Description

@nitram509

Found by Gemini ...

Issue Description

The unwrapFEELValue function is recursive and lacks a depth limit or cycle detection. If the evaluation result contains a circular structure (e.g., a map that contains itself, which could be provided via the scope), the function will recurse infinitely, leading to a stack overflow and process crash. This represents a potential Denial of Service (DoS) vulnerability.

File: eval.go
Function: func unwrapFEELValue(v any) (any, error) {...}

classification: Medium Priority
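
One way to bound this kind of recursion, as an added example that is not the project's code: a guard that rejects self-containing or overly deep values before a recursive unwrap runs. The names `checkBounded`, `check`, `maxDepth`, `ErrCycle` and `ErrTooDeep` are hypothetical, and it assumes results are built from `map[string]any` and `[]any`.

```go
package main

import (
	"errors"
	"fmt"
	"reflect"
)

const maxDepth = 64 // assumed limit, not a value from the project
var (
	ErrCycle   = errors.New("circular reference in value")
	ErrTooDeep = errors.New("nesting exceeds depth limit")
)

// checkBounded is a hypothetical guard to run before a recursive unwrap:
// it rejects values that contain themselves or nest deeper than maxDepth.
func checkBounded(v any) error { return check(v, 0, map[uintptr]bool{}) }

func check(v any, depth int, onPath map[uintptr]bool) error {
	if depth > maxDepth {
		return ErrTooDeep
	}
	var children []any
	switch t := v.(type) {
	case map[string]any:
		p := reflect.ValueOf(t).Pointer() // identity of the underlying map
		if onPath[p] {
			return ErrCycle // this map is one of its own ancestors
		}
		onPath[p] = true
		defer delete(onPath, p) // shared but acyclic references stay legal
		for _, e := range t {
			children = append(children, e)
		}
	case []any:
		children = t // slice cycles are stopped by the depth limit
	}
	for _, e := range children {
		if err := check(e, depth+1, onPath); err != nil {
			return err
		}
	}
	return nil
}

func main() {
	m := map[string]any{"n": 1} // constructed sample: a map that contains itself
	m["self"] = m
	fmt.Println(checkBounded(m))
}
```

Entries are removed from `onPath` on return, so a map referenced twice from sibling keys is accepted and only a map reachable from itself is rejected.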
