Lucene search

116 matches found

CNNVD
added 2024/07/09 12:00 a.m., 3 views

Ping Identity PingFederate Security Vulnerability

Ping Identity PingFederate is a flagship software-based federation server from the United States vendor Ping Identity, used for identity management. A security vulnerability exists in PingFederate versions prior to 12.0.1 that stems from the presence of a potential JSON injection attack vector using...

CVSS 3.5, AI score 7, EPSS 0.0014
Exploits 0, References 2

NVD
added 2024/06/06 7:15 p.m., 11 views

CVE-2024-3102

A JSON Injection vulnerability exists in the mintplex-labs/anything-llm application, specifically within the username parameter during the login process at the /api/request-token endpoint. The vulnerability arises from improper handling of values, allowing attackers to perform brute force attacks...

CVSS 5.3, EPSS 0.0017
Exploits 1, References 2

OSV
added 2024/06/06 7:15 p.m., 8 views

CVE-2024-3102

A JSON Injection vulnerability exists in the mintplex-labs/anything-llm application, specifically within the username parameter during the login process at the /api/request-token endpoint. The vulnerability arises from improper handling of values, allowing attackers to perform brute force attacks...

CVSS 5.3, AI score 7.3
Exploits 0, References 2

Cvelist
added 2024/06/06 6:19 p.m., 14 views

CVE-2024-3102 JSON Injection in mintplex-labs/anything-llm

A JSON Injection vulnerability exists in the mintplex-labs/anything-llm application, specifically within the username parameter during the login process at the /api/request-token endpoint. The vulnerability arises from improper handling of values, allowing attackers to perform brute force attacks...

CVSS 5.3, EPSS 0.0017
Exploits 1, References 2

Vulnrichment
added 2024/06/06 6:19 p.m., 14 views

CVE-2024-3102 JSON Injection in mintplex-labs/anything-llm

A JSON Injection vulnerability exists in the mintplex-labs/anything-llm application, specifically within the username parameter during the login process at the /api/request-token endpoint. The vulnerability arises from improper handling of values, allowing attackers to perform brute force attacks...

CVSS 5.3, AI score 7.3, EPSS 0.0017
Exploits 1, References 2

CVE
added 2024/06/06 6:19 p.m., 73 views

CVE-2024-3102

CVE-2024-3102 affects mintplex-labs/anything-llm via a JSON Injection in the login flow, specifically the username parameter at /api/request-token. The root cause is improper handling of values, enabling brute-force attempts without prior username knowledge and, once the password is known, blind ...

CVSS 5.3, AI score 5.5, EPSS 0.0017
Exploits 1, References 2, Affected Software 1

Positive Technologies
added 2024/06/06 12:00 a.m., 3 views

PT-2024-23727 · Mintplex · Anything-Llm

Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm, affected versions not specified.
Description: A JSON Injection issue exists in the application, specifically within the username parameter during the login process at the "/api/request-token" endpoint. This issue...

CVSS 5.3, AI score 5.8, EPSS 0.0017
Exploits 1, References 6

CVE
added 2024/05/21 12:00 a.m., 3601 views

CVE-2024-36039

CVE-2024-36039 affects PyMySQL up to 1.1.0, where untrusted JSON input can cause SQL injection because escape_dict does not escape keys. Connected documents corroborate vulnerability details and indicate fixes in newer PyMySQL releases (e.g., PyMySQL 1.1.1+ and package updates across Linux distri...

CVSS 6.3, AI score 7.4, EPSS 0.001
Exploits 1, References 4

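The PyMySQL entry above describes an escaper that covers dictionary values but not dictionary keys. The following is an added example written for this listing, not PyMySQL's own code: a constructed model of that bug class, showing how a key taken from untrusted JSON carries SQL past value escaping when keys are spliced into the column list, and how an identifier allowlist plus parameterized values closes it. The escape function, the table, the column allowlist and the attacker body are assumptions made for the illustration; sqlite3 stands in for MySQL only so the generated statements can be executed in memory.

```python
"""Constructed model of the bug class behind CVE-2024-36039 (not PyMySQL's
code): an escaper that protects dict values but passes dict keys through
verbatim, so a key taken from untrusted JSON becomes raw SQL."""
import json
import re
import sqlite3


def escape_value(v) -> str:
    # Assumed minimal MySQL-style escaping of a single value (model only).
    if v is None:
        return "NULL"
    if isinstance(v, (int, float)):
        return str(v)
    return "'" + str(v).replace("\\", "\\\\").replace("'", "\\'") + "'"


def escape_dict_values_only(d: dict) -> dict:
    # Models the flaw: every value is escaped, no key is touched.
    return {k: escape_value(v) for k, v in d.items()}


def insert_sql_unsafe(table: str, row: dict) -> str:
    # Keys are spliced into the column list as identifiers, unescaped.
    esc = escape_dict_values_only(row)
    return "INSERT INTO %s (%s) VALUES (%s)" % (
        table, ", ".join(esc.keys()), ", ".join(esc.values()))


# Assumed hardened builder: only allowlisted, syntactically valid identifiers,
# quoted as identifiers; values never enter the SQL text at all.
IDENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]{0,63}$")


def insert_sql_safe(table: str, row: dict, allowed: frozenset) -> tuple:
    for k in row:
        if k not in allowed or not IDENT.match(k):
            raise ValueError("unexpected column name: %r" % k)
    cols = ", ".join('"%s"' % k for k in row)
    marks = ", ".join("?" for _ in row)
    return ('INSERT INTO "%s" (%s) VALUES (%s)' % (table, cols, marks),
            tuple(row.values()))


# Constructed attacker body: the second *key* closes the column list, supplies
# its own VALUES clause (granting role=admin) and comments out the rest.
ATTACKER_JSON = '{"name": "bob", "role) VALUES (\'bob\', \'admin\') --": "ignored"}'
ALLOWED = frozenset({"name"})


def _fresh_db() -> sqlite3.Connection:
    # sqlite3 stands in for MySQL purely to execute the generated statements.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT DEFAULT 'user')")
    return conn


def run_unsafe(body: str) -> list:
    """Insert the untrusted JSON body with the flawed builder; returns rows."""
    conn = _fresh_db()
    conn.execute(insert_sql_unsafe("users", json.loads(body)))
    return conn.execute("SELECT name, role FROM users").fetchall()


def run_safe(body: str) -> list:
    """Insert with the hardened builder; returns rows, or [] when rejected."""
    conn = _fresh_db()
    try:
        sql, params = insert_sql_safe("users", json.loads(body), ALLOWED)
    except ValueError:
        return []
    conn.execute(sql, params)
    return conn.execute("SELECT name, role FROM users").fetchall()
```

With the attacker body, the flawed builder emits `INSERT INTO users (name, role) VALUES ('bob', 'admin') --) VALUES ('bob', 'ignored')`: the value `'ignored'` was escaped correctly, which is exactly why value escaping alone is the wrong fix. The hardened builder rejects the key before any SQL text exists.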
Positive Technologies
added 2024/05/02 12:00 a.m., 3 views

PT-2024-24925 · WordPress · Smartcrawl

Name of the Vulnerable Software and Affected Versions: SmartCrawl WordPress SEO checker plugin versions up to, and including, 3.10.2.
Description: The issue is related to unauthorized ld+json description injection due to a missing capability check on the save settings function. This allows...

CVSS 5.3, AI score 7.2, EPSS 0.00585
Exploits 0, References 4

Huntr
added 2023/05/02 8:25 p.m., 8 views

Cross Site Scripting in Open Web Analytics on most statistics related pages

Description: The makeJson method within the owa_template class generates a JSON string in an unsafe manner. This method is used within the report.tpl file, where it receives parameters from the URL and generates a JSON string from them without proper sanitizing.
Proof of Concept: The...

AI score 6.9
Exploits 0

Code423n4
added 2023/03/20 12:00 a.m., 10 views

JSON context breaking in Bio.tokenURI

Lines of code / Vulnerability details / Impact: The Bio.tokenURI function returns an encoded JSON which is supposed to be parsed by a browser or another tool. The description field contains unsanitized user input and can be fully controlled by a hacker when they create an NFT via Bio.mint(string calldata...

AI score 6.2
Exploits 0

Code423n4
added 2023/03/20 12:00 a.m., 16 views

Bio Protocol - tokenURI JSON injection

Lines of code / Vulnerability details / Impact: The Bio Protocol allows users to mint Bio NFTs that represent a user's bio. Once the NFT is minted, anyone can trigger tokenURI to retrieve JSON data with the bio and the generated SVG image. Example JSON content decoded from Base64: "name": "Bio 1", "description":...

AI score 6.6
Exploits 0

SUSE CVE
added 2023/02/15 4:22 a.m., 1 view

SUSE CVE-2018-18836

An issue was discovered in Netdata 1.10.0. JSON injection exists via the api/v1/data tqx parameter because of web_client_api_request_v1_data in web/api/web_api_v1.c...

CVSS 6.5, AI score 7, EPSS 0.00209
Exploits 1, References 6

Cvelist
added 2023/02/10 10:03 p.m., 18 views

CVE-2023-25560 JSON Injection in DataHub

DataHub is an open-source metadata platform. The AuthServiceClient, which is responsible for creation of new accounts, verifying credentials, resetting them or requesting access tokens, crafts multiple JSON strings using format strings with user-controlled data. This means that an attacker may be...

CVSS 8.2, AI score 9.9, EPSS 0.00342
Exploits 0, References 1

Vulnrichment
added 2023/02/10 10:03 p.m., 5 views

CVE-2023-25560 JSON Injection in DataHub

DataHub is an open-source metadata platform. The AuthServiceClient, which is responsible for creation of new accounts, verifying credentials, resetting them or requesting access tokens, crafts multiple JSON strings using format strings with user-controlled data. This means that an attacker may be...

CVSS 8.2, AI score 9.3, EPSS 0.00342
Exploits 0, References 1

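The DataHub entries above (JSON crafted with format strings from user-controlled data) and the anything-llm entries earlier in this listing (a username parameter that breaks out of the JSON sent to a login endpoint) describe the same injection primitive. The following is an added example, not code from DataHub, anything-llm or any other project on this page: a constructed format-string builder beside its serializer-based fix, a constructed payload that smuggles a second "role" member, and a duplicate-key check a consuming service can run. The field layout, the payload and the function names are assumptions made for the illustration.

```python
"""Constructed example (not DataHub's or anything-llm's code) of the pattern
named in the CVE-2023-25560 and CVE-2024-3102 entries: JSON assembled with a
format string from user-controlled text, and the serializer-based fix."""
import json


def build_unsafe(username: str, role: str = "user") -> str:
    # Vulnerable: the format string trusts `username` to contain no quotes.
    # Field order is an assumption; an injected key only overrides the real
    # one if it lands after it in a last-key-wins parser.
    return '{"role": "%s", "username": "%s"}' % (role, username)


def build_safe(username: str, role: str = "user") -> str:
    # Fixed: the serializer escapes every quote and backslash in the value.
    return json.dumps({"role": role, "username": username})


# Constructed attacker username: closes the username string, adds its own
# "role" member, then opens a throwaway key so the document still parses.
PAYLOAD = 'alice", "role": "admin", "x": "'


def role_seen_by_consumer(builder, username: str) -> str:
    """Parse the built document with the stdlib parser (CPython keeps the
    last duplicate key; other libraries differ) and report the role."""
    return json.loads(builder(username))["role"]


def username_roundtrips(builder, username: str) -> bool:
    """True if the consumer reads back exactly the username that was sent."""
    return json.loads(builder(username))["username"] == username


def duplicate_keys(doc: str) -> list:
    """Defensive check for the consuming side: keys that occur more than once
    in any object. Parsers disagree on which duplicate wins, so a document
    with duplicates is a sign of injection and should be rejected outright."""
    dups = []

    def hook(pairs):
        seen = set()
        for key, _ in pairs:
            if key in seen:
                dups.append(key)
            seen.add(key)
        return dict(pairs)

    json.loads(doc, object_pairs_hook=hook)
    return dups
```

The unsafe builder turns the payload into `{"role": "user", "username": "alice", "role": "admin", "x": ""}`, which parses cleanly and elevates the role; the safe builder produces a document whose username field is the payload text itself, and the duplicate-key check flags the injected document while passing the clean one.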
Veracode
added 2022/12/14 9:59 a.m., 35 views

Denial Of Service (DoS)

org.codehaus.jettison:jettison is vulnerable to denial of service (DoS) attacks. A remote attacker is able to cause a stack overflow via injecting crafted JSON data, resulting in denial of service conditions...

CVSS 7.5, AI score 7.3, EPSS 0.0025
Exploits 1, References 4, Affected Software 2

IBM Security Bulletins
added 2022/03/09 7:10 p.m., 60 views

Security Bulletin: IBM DataPower Gateway permits reflected JSON injection (CVE-2021-38910)

Summary: IBM has addressed the CVE. Vulnerability Details: CVEID: CVE-2021-38910. DESCRIPTION: IBM DataPower Gateway could allow a remote attacker to bypass security restrictions, caused by improper validation of input. By sending a specially crafted JSON message, an attacker could exploit this...

CVSS 5.3, AI score 5.2, EPSS 0.00249
Exploits 0, Affected Software 3

Tenable Nessus
added 2021/12/21 12:00 a.m., 33 views

openSUSE 15 Security Update : netdata (openSUSE-SU-2021:1603-1)

The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1603-1 advisory. - An issue was discovered in Netdata 1.10.0. JSON injection exists via the api/v1/data tqx parameter because of web_client_api_request_v1_data i...

CVSS 7.5, AI score 6.6, EPSS 0.00429
Exploits 3, References 12

Github Security Blog
added 2021/12/13 9:33 p.m., 29 views

Uncaught Exception in mercurius

Impact: Any users from [email protected] to 8.11.1 are subjected to a denial of service attack by sending a malformed JSON to /graphql unless they are using a custom error handler. Patches: The vulnerability has been fixed in https://github.com/mercurius-js/mercurius/pull/678 and shipped as v8.11.2...

CVSS 7.5, AI score 1.1, EPSS 0.00367
Exploits 0, References 5, Affected Software 1

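The jettison entry (stack overflow from crafted JSON) and the mercurius entry (uncaught exception on a malformed body) are two failure modes of the same input path: a request body handed straight to a recursive parser with no bound and no error boundary. The following is an added example, not code from either project, of a request-body gate in Python: it bounds size and nesting depth with a non-recursive scan before the real parser runs, and converts every parse failure into a returned error instead of an exception. The limits, the function names and the sample bodies are assumptions constructed for the illustration.

```python
"""Constructed example (not jettison's or mercurius's code): gate a JSON
request body on size and nesting depth before parsing, and turn parse
failures into a controlled result instead of an uncaught exception."""
import json

MAX_BYTES = 1 << 20   # assumed limits for this example
MAX_DEPTH = 32


def nesting_depth(text: str) -> int:
    """Deepest bracket nesting, ignoring brackets inside string literals.
    A linear scan with no recursion, so it is safe to run on hostile input
    that would overflow a recursive-descent parser's stack."""
    depth = deepest = 0
    in_str = escaped = False
    for ch in text:
        if in_str:
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_str = False
        elif ch == '"':
            in_str = True
        elif ch in "[{":
            depth += 1
            deepest = max(deepest, depth)
        elif ch in "]}":
            depth -= 1
    return deepest


def parse_body(raw: bytes) -> tuple:
    """Return ("ok", obj) or ("error", reason). Never raises on bad input,
    so a missing custom error handler cannot take the process down."""
    if len(raw) > MAX_BYTES:
        return ("error", "body too large")
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        return ("error", "body is not valid UTF-8")
    if nesting_depth(text) > MAX_DEPTH:
        return ("error", "nesting too deep")
    try:
        return ("ok", json.loads(text))
    except (ValueError, RecursionError) as exc:
        # json.JSONDecodeError is a ValueError; RecursionError is what the
        # stdlib parser raises if a deep document ever gets past the gate.
        return ("error", "malformed JSON: " + exc.__class__.__name__)


# Constructed request bodies used to exercise the gate.
DEEP = b"[" * 100_000 + b"]" * 100_000           # the stack-overflow shape
MALFORMED = b'{"query": "{ me { id } }"'         # unterminated object
GOOD = b'{"query": "{ me { id } }", "variables": {"a": [1, 2]}}'
```

The gate rejects the 100,000-level array without ever invoking the parser, reports the unterminated object as a malformed-JSON error, and passes the well-formed GraphQL-style body through unchanged. Note that the depth scan skips brackets inside strings, so the braces in the `query` text do not count toward the limit.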
CVE
added 2021/09/15 5:15 p.m., 57 views

CVE-2021-39205

CVE-2021-39205 affects Jitsi Meet up to version 2.0.6173. The issue is a client-side cross-site scripting vulnerability caused by injecting properties into JSON objects that were not properly escaped. Impact is described as a potential for script execution in the browser context of the user, with...

CVSS 6.8, AI score 5.9, EPSS 0.00285
Exploits 0, References 4, Affected Software 1
