Lucene search
K

130 matches found

OSV
OSV
added 2026/07/01 12:16 a.m.4 views

DEBIAN-CVE-2026-54592

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.3, Oj::Doceachchild, when invoked recursively over a deeply nested JSON document, overflows a fixed-size stack buffer and aborts the process, leading to DoS. In a two-step chain in...

7.5CVSS5.9AI score0.00263EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 12:16 a.m.4 views

UBUNTU-CVE-2026-54592

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.3, Oj::Doceachchild, when invoked recursively over a deeply nested JSON document, overflows a fixed-size stack buffer and aborts the process, leading to DoS. In a two-step chain in...

7.5CVSS5.9AI score0.00263EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/30 11:16 p.m.32 views

CVE-2026-54592 Oj: Stack Buffer Overflow in Oj::Doc#each_child via Deeply Nested Input

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.3, Oj::Doceachchild, when invoked recursively over a deeply nested JSON document, overflows a fixed-size stack buffer and aborts the process, leading to DoS. In a two-step chain in...

7.5CVSS0.00263EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/30 11:16 p.m.4 views

CVE-2026-54592

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.3, Oj::Doceachchild, when invoked recursively over a deeply nested JSON document, overflows a fixed-size stack buffer and aborts the process, leading to DoS. In a two-step chain in...

7.5CVSS5.9AI score0.00263EPSS
Exploits0
Snyk
Snyk
added 2026/06/23 9:21 p.m.4 views

Allocation of Resources Without Limits or Throttling

Overview com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the...

7.5CVSS5.8AI score0.00616EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/06/15 5:30 p.m.12 views

protobufjs: Denial of service through unbounded Any expansion during JSON conversion

Summary protobufjs could recurse without a depth limit while converting decoded messages to plain objects or JSON. This affected generated toObject conversion and the custom google.protobuf.Any JSON conversion path. A crafted protobuf binary payload containing deeply nested Any values could cause...

7.5CVSS5.2AI score0.00324EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/09 10:38 p.m.35 views

CVE-2026-46373

Affected software: SQLFluff (SQL linter/formatter) with parsers for multiple dialects. Vulnerability: In versions before 4.1.0, an untrusted user can submit deeply nested SQL queries that trigger a Denial of Service through resource exhaustion when parsed. Root cause: recursive/stack-based parsin...

7.5CVSS5.5AI score0.00263EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/02 10:3 p.m.14 views

CVE-2026-42358

A bug in Apache Airflow's Variable response masker caused nested-key redaction triggered by secret-suffixed key names like password, token, secret, apikey to be bypassed when the JSON value's nesting depth exceeded the shared secrets masker's recursion limit: the masker returned the original nest...

6.5CVSS5.8AI score0.00335EPSS
Exploits0References1
NVD
NVD
added 2026/06/01 9:16 a.m.30 views

CVE-2026-42358

A bug in Apache Airflow's Variable response masker caused nested-key redaction triggered by secret-suffixed key names like password, token, secret, apikey to be bypassed when the JSON value's nesting depth exceeded the shared secrets masker's recursion limit: the masker returned the original nest...

6.5CVSS0.00335EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/01 7:49 a.m.15 views

EUVD-2026-33589

A bug in Apache Airflow's Variable response masker caused nested-key redaction triggered by secret-suffixed key names like password, token, secret, apikey to be bypassed when the JSON value's nesting depth exceeded the shared secrets masker's recursion limit: the masker returned the original nest...

6.5CVSS5.8AI score0.00421EPSS
Exploits0References2
CVE
CVE
added 2026/06/01 7:49 a.m.21 views

CVE-2026-42358

Summary (CVE-2026-42358): In Apache Airflow, the Variable response masker can bypass nested-key redaction when JSON values are deeply nested. Keys ending with secret-like suffixes (password, token, secret, api_key) could have their plaintext values exposed if nesting depth exceeds the masker's re...

6.5CVSS5.8AI score0.00335EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.14 views

PT-2026-45370

Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 3.2.2 Description A bug in the Variable response masker allows the bypass of nested-key redaction when the nesting depth of a JSON value exceeds the recursion limit of the shared secrets masker. This occurs wit...

6.5CVSS6AI score0.00335EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/05/29 1:20 a.m.13 views

SUSE CVE-2026-42328

go-ipld-prime is an implementation of the InterPlanetary Linked Data IPLD spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Prior to 0.23.0, the DAG-CBOR and DAG-JSON decoders recurse on each nested map or list...

6.2CVSS5.9AI score0.0012EPSS
Exploits0References3
OSV
OSV
added 2026/05/22 1:21 p.m.8 views

OESA-2026-2427 jq security update

jq is a lightweight and flexible command-line JSON processor. you can use it to slice and filter and map and transform structured data. It is written in portable C, and it has zero runtime dependencies. it can mangle the data format that you have into the one that you want. Security Fixes: jq is ...

7.3CVSS6AI score0.00161EPSS
Exploits7References8
OSV
OSV
added 2026/05/22 1:21 p.m.8 views

OESA-2026-2426 jq security update

jq is a lightweight and flexible command-line JSON processor. you can use it to slice and filter and map and transform structured data. It is written in portable C, and it has zero runtime dependencies. it can mangle the data format that you have into the one that you want. Security Fixes: jq is ...

7.3CVSS6AI score0.00161EPSS
Exploits7References8
OSV
OSV
added 2026/05/22 1:21 p.m.8 views

OESA-2026-2424 jq security update

jq is a lightweight and flexible command-line JSON processor. you can use it to slice and filter and map and transform structured data. It is written in portable C, and it has zero runtime dependencies. it can mangle the data format that you have into the one that you want. Security Fixes: jq is ...

7.3CVSS6AI score0.00161EPSS
Exploits7References8
ATTACKERKB
ATTACKERKB
added 2026/05/19 2:51 a.m.9 views

CVE-2026-47307

NULL pointer dereference vulnerability in Samsung Open Source Walrus allows an attacker to cause a denial of service via a crafted WebAssembly module containing deeply nested instructions. This issue affects Walrus: f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9...

5.5CVSS5.8AI score0.00193EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/13 2:46 p.m.6 views

CVE-2026-45740

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.8 and 8.2.0, protobufjs could recurse without a depth limit while expanding nested JSON descriptors through Root.fromJSON and Namespace.addJSON. A crafted JSON descriptor with deeply nested namespace definitions...

5.3CVSS5.8AI score0.00263EPSS
Exploits0References2Affected Software1
SUSE CVE
SUSE CVE
added 2026/05/13 3:37 a.m.17 views

SUSE CVE-2026-40612

jq is a command-line JSON processor. In 1.8.1 and earlier, jvcontains recurses into nested arrays/objects with no depth limit. With a sufficiently nested input structure built programmatically with reduce, since the JSON parser caps at depth 10000, the C stack is exhausted...

6.6CVSS5.8AI score0.00161EPSS
Exploits1References3
CVE
CVE
added 2026/05/12 7:20 p.m.21 views

CVE-2026-42355

CVE-2026-42355 affects NanaZip, an open‑source file archive. The issue is an uncontrolled recursion in the Electron Archive (ASAR) parser when opening a crafted .asar with deeply nested JSON in the header. The recursion occurs in both nlohmann::json::parse and the handler’s GetAllPaths, consuming...

5.5CVSS5.8AI score0.00111EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder