37 matches found
jqlang jq JSON jq_test.c run_jq_tests assertion
...
CycloneDX Sunshine security vulnerability
CycloneDX Sunshine is an open source visualization tool from CycloneDX. A security vulnerability exists in CycloneDX Sunshine version v0.9 that stems from processing JSON files without validating formulas, which could lead to a CSV injection attack...
GHSA-2RWM-XV5J-777P Eclipse Parsson stack overflow when parsing deeply nested input
In Eclipse Parsson before 1.0.4 and 1.1.3, a document with a large depth of nested objects can allow an attacker to cause a Java stack overflow exception and denial of service. Eclipse Parsson allows processing (e.g. parse, generate, transform and query) JSON documents...
CVE-2023-7272
In Eclipse Parsson before 1.0.4 and 1.1.3, a document with a large depth of nested objects can allow an attacker to cause a Java stack overflow exception and denial of service. Eclipse Parsson allows processing (e.g. parse, generate, transform and query) JSON documents...
Fedora: Security Advisory for jakarta-json (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2024-24786
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...
Security Bulletin: IBM Event Processing is vulnerable to a denial of service (CVE-2023-4043).
Summary IBM Event Processing is vulnerable to a denial of service due to parsson-1.1.2.jar component. Parsson provides an implementation of Jakarta JSON Processing Specification. Vulnerability Details CVEID:CVE-2023-4043 DESCRIPTION: Eclipse Parsson is vulnerable to a denial of service, caused by...
Security Bulletin: IBM Datapower Operations Dashboard to a denial of service caused by an unsafe deserialization flaw
Summary Apache Johnzon is used by the IBM Datapower Operations Dashboard in its JSON processing. Vulnerability Details CVEID:CVE-2023-33008 DESCRIPTION: Apache Johnzon is vulnerable to a denial of service, caused by an unsafe deserialization flaw in BigDecimal. By sending a specially crafted JSON...
Chrome Read-Only Property Overwrite Exploit
Chrome: Read-only property overwrite in TurboFan. VULNERABILITY DETAILS: While collecting information for a property store, TurboFan bails out if the property isn't writable [2]. Unfortunately, the branch condition [1] does not include one of the store modes, namely kDefine. This allows an attacker to...
Security Bulletin: IBM Robotic Process Automation may be vulnerable to denial of service due to Newtonsoft.Json (IBM X-Force ID: 234366)
Summary Newtonsoft.Json is used by IBM Robotic Process Automation as part of JSON processing for .NET. IBM X-Force ID: 234366 Vulnerability Details IBM X-Force ID: 234366 DESCRIPTION: Newtonsoft.Json is vulnerable to a denial of service, caused by improper handling of StackOverFlow exception SOE...
Denial Of Service (DoS)
play_2.12 is vulnerable to denial of service. The vulnerability exists when using the Form#bindFromRequest method on a JSON request body or the Form#bind method directly on a JSON value, allowing an attacker to crash the application through the OutOfMemoryError by providing a deeply-nested JSON obje...
CVE-2020-27718
When a BIG-IP ASM or Advanced WAF system running version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, or 11.6.1-11.6.5.2 processes requests with JSON payload, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP ASM bd process...
Debian DLA-2406-1 : jackson-databind security update
It was discovered that there was an external entity expansion vulnerability in jackson-databind, a Java library for processing JSON. For Debian 9 'Stretch', this problem has been fixed in version 2.8.6-1+deb9u8. We recommend that you upgrade your jackson-databind packages. For the detailed securi...
DEBIAN-CVE-2019-12814
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specificall...
MGASA-2017-0415 Updated jq packages fix security vulnerabilities
A heap-based buffer overflow flaw was found in jq's tokenadd function. By tricking a victim into processing a specially crafted JSON file, an attacker could use this flaw to crash jq or, potentially, execute arbitrary code on the victim's system (CVE-2015-8863). Stack exhaustion could affect...
USN-3479-1 postgresql-9.3, postgresql-9.5, postgresql-9.6 vulnerabilities
David Rowley discovered that PostgreSQL incorrectly handled memory when processing certain JSON functions. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2017-15098) Dean Rasheed discovered that PostgreSQL incorrectly enforced SELECT privileges when processing...
UBUNTU-CVE-2014-5256
Node.js 0.8 before 0.8.28 and 0.10 before 0.10.30 does not consider the possibility of recursive processing that triggers V8 garbage collection in conjunction with a V8 interrupt, which allows remote attackers to cause a denial of service (memory corruption and application crash) via deep JSON...