How Zod's .refine() Can Cause a Denial of Service — And How to Fix It
TL;DR Zod's .refine() executes on every input — even when earlier validators like .min() and .max() have already failed. If you place an expensive operation such as a database query inside .refine(), an attacker can trigger that query with every request, including requests containing completely in
Original source: Dev.to
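The behaviour described in the TL;DR, shown as an added example that is not from the original article and is not Zod's code. It is a simplified plain-JavaScript stand-in for a validator pipeline (all function names and sample inputs are hypothetical) that counts how many expensive lookups a batch of requests triggers, next to a guarded form that returns before the lookup when the cheap checks have failed.

```javascript
// Added example: a simplified stand-in for a schema validator, NOT Zod itself.
// It models only what the TL;DR describes: cheap checks record issues but do
// not stop the pipeline, so a later refinement still runs on invalid input.

let dbQueries = 0; // number of calls to the simulated expensive lookup

// Hypothetical expensive operation (stands in for a database query).
async function usernameTaken(name) {
  dbQueries += 1;
  return name === "alice"; // constructed sample data
}

// Cheap, synchronous checks comparable to .min(3) and .max(20).
function cheapIssues(value) {
  const issues = [];
  if (value.length < 3) issues.push("too short");
  if (value.length > 20) issues.push("too long");
  return issues;
}

// Pattern from the TL;DR: the refinement runs even though cheap checks failed.
async function validateUnguarded(value) {
  const issues = cheapIssues(value);
  if (await usernameTaken(value)) issues.push("username taken");
  return { success: issues.length === 0, issues };
}

// Guarded form: return early so invalid input never reaches the lookup.
async function validateGuarded(value) {
  const issues = cheapIssues(value);
  if (issues.length > 0) return { success: false, issues };
  if (await usernameTaken(value)) issues.push("username taken");
  return { success: issues.length === 0, issues };
}

// Run a batch of requests and report how many lookups it cost.
async function countQueries(validate, inputs) {
  dbQueries = 0;
  for (const input of inputs) await validate(input);
  return dbQueries;
}

// Constructed sample requests: three fail the length checks, one is valid.
const sampleInputs = ["", "a", "x".repeat(5000), "bob"];
```

With these sample requests the unguarded validator performs one lookup per request, while the guarded one performs a lookup only for the single input that passes the length checks.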