Expr’s evaluator can be crashed by ordinary builtin calls: a newly assigned CVE shows that several widely used functions in the Expr Go package performed unbounded recursion over user-supplied data and could exhaust the Go runtime stack, allowing attackers to cause a process-level denial of service...
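
An added example, not code from Expr or from the original page: a depth-bounded recursive walk over nested user-supplied values that returns an error instead of letting recursion depth follow the input. Go treats stack exhaustion as a fatal runtime error that `recover()` cannot intercept, so the limit has to be enforced in the traversal itself; `FlattenBounded`, `Nest` and the `MaxDepth` value of 64 are hypothetical names and settings chosen for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// MaxDepth is an assumed limit for this example; pick one that fits real inputs.
const MaxDepth = 64

// ErrTooDeep is returned instead of letting recursion depth follow the input.
var ErrTooDeep = errors.New("nesting exceeds depth limit")

// FlattenBounded (hypothetical, not Expr's code) flattens nested []any values.
func FlattenBounded(v any) ([]any, error) {
	var out []any
	if err := flatten(v, 0, &out); err != nil {
		return nil, err
	}
	return out, nil
}

// flatten carries the current depth so the check runs before each descent.
func flatten(v any, depth int, out *[]any) error {
	if depth > MaxDepth {
		return ErrTooDeep
	}
	list, ok := v.([]any)
	if !ok {
		*out = append(*out, v)
		return nil
	}
	for _, item := range list {
		if err := flatten(item, depth+1, out); err != nil {
			return err
		}
	}
	return nil
}

// Nest builds constructed sample input: leaf wrapped in n single-element slices.
func Nest(leaf any, n int) any {
	for ; n > 0; n-- {
		leaf = []any{leaf}
	}
	return leaf
}

func main() {
	fmt.Println(FlattenBounded(Nest("x", 100000)))
}
```

The same guard also stops self-referential values, because the depth counter grows on every descent whether or not the data is finite.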