Foundation's JSONSerialization in Swift for Linux before 5.1.5 is vulnerable to a denial-of-service attack when parsing JSON. An attacker who can supply JSON input that is parsed with JSONSerialization (or JSONDecoder) can force JSONSerialization into arbitrarily deep recursion, which can lead to a stack overflow and crash the process.
All versions of Swift for Linux up to and including 5.1.4 are affected by this issue.
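Where a service cannot move to 5.1.5 immediately, nesting depth can be bounded before the data reaches JSONSerialization. The following is an added example, not code from the Swift project: the names `jsonNestingDepth` and `parseUntrustedJSON`, the limit of 64, and the UTF-8-only input are assumptions made here.

```swift
import Foundation

struct JSONTooDeep: Error { let limit: Int }

// Iterative scan (no recursion): returns the deepest array/object nesting in
// `data`, throwing as soon as `limit` is exceeded. Assumes UTF-8 input, where
// every byte of a multi-byte character is >= 0x80 and so cannot match the
// ASCII structural characters tested below.
func jsonNestingDepth(_ data: Data, limit: Int) throws -> Int {
    var depth = 0, deepest = 0
    var inString = false, escaped = false
    for byte in data {
        if inString {
            // Inside a string only an unescaped quote matters; brackets are text.
            if escaped {
                escaped = false
            } else if byte == UInt8(ascii: "\\") {
                escaped = true
            } else if byte == UInt8(ascii: "\"") {
                inString = false
            }
            continue
        }
        switch byte {
        case UInt8(ascii: "\""):
            inString = true
        case UInt8(ascii: "["), UInt8(ascii: "{"):
            depth += 1
            deepest = max(deepest, depth)
            if depth > limit { throw JSONTooDeep(limit: limit) }
        case UInt8(ascii: "]"), UInt8(ascii: "}"):
            depth = max(0, depth - 1)   // malformed input is left for the parser to reject
        default:
            break
        }
    }
    return deepest
}

// Hypothetical wrapper: run the depth check, then hand off to Foundation.
func parseUntrustedJSON(_ data: Data, maxDepth: Int = 64) throws -> Any {
    _ = try jsonNestingDepth(data, limit: maxDepth)
    return try JSONSerialization.jsonObject(with: data, options: [])
}

// Constructed sample inputs: one ordinary document, one nested past the limit.
let ok = Data(#"{"user": {"tags": ["a", "b]]]"]}}"#.utf8)
let deep = Data((String(repeating: "[", count: 65) + String(repeating: "]", count: 65)).utf8)
do {
    print("depth:", try jsonNestingDepth(ok, limit: 64))
    _ = try parseUntrustedJSON(deep)
} catch { print("rejected:", error) }
```

Because JSONDecoder is affected through JSONSerialization, the same check applies to data before it is passed to `JSONDecoder.decode`.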
We would like to thank @fabianfett for the initial report. We are working on issuing a CVE for this vulnerability and will update this post with a link once issued.