
Hacdias

#36006 of 53,632
7.5 Total CVSS
Vulnerabilities · 1
PT-2023-18513
7.5
2023-01-04
Unknown · Go-Ipld-Prime · CVE-2023-22460
**Name of the Vulnerable Software and Affected Versions**

go-ipld-prime versions prior to 0.19.0

**Description**

The issue arises when encoding data that contains a `Bytes` kind Node using the `json` codec, causing the encoder to panic as it does not expect to receive `Bytes` tokens. This should be treated as an error since plain JSON cannot encode bytes. The `dag-json` codec is not impacted, and neither is the use of `json` as a decoder. If the `json` codec is used to encode user-supplied data, it may be used as a vector for a denial of service attack.

**Recommendations**

For versions prior to 0.19.0, update to version 0.19.0 to resolve the issue. As a temporary workaround, consider using the `dag-json` codec, which has the ability to encode bytes, instead of the `json` codec for encoding data that contains `Bytes` kind Nodes.