[HIGH] Unsafe JSON Parsing - CVE-HSYNC-2026-005

## Security Vulnerability Report

**Severity**: HIGH (CVSS 7.3)
**File**: `connection.js`, `lib/peers.js`

### Description
Multiple instances of `JSON.parse()` on untrusted input without proper error handling or validation.

### Vulnerable Code
```javascript
const msg = JSON.parse(message.toString()); // No validation
```

### Impact
- Application crashes
- Potential code execution
- Service disruption

### Recommendation
Implement proper JSON validation and error handling for all parsing operations.

### References
- Found during security audit of hsync reverse proxy
- Part of comprehensive security review identifying 13 vulnerabilities

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[HIGH] Unsafe JSON Parsing - CVE-HSYNC-2026-005 #24

Security Vulnerability Report

Description

Vulnerable Code

Impact

Recommendation

References

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

[HIGH] Unsafe JSON Parsing - CVE-HSYNC-2026-005 #24

Description

Security Vulnerability Report

Description

Vulnerable Code

Impact

Recommendation

References

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions