libfastjson: integer overflow and out-of-bounds write via a large JSON file

A flaw was found in json-c. In printbufmemappend, certain crafted values can overflow the memory allowing an attacker to write past the memory boundary. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

RHEL 9 : libfastjson (RHSA-2024:1154)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:1154 advisory. The libfastjson library provides essential JavaScript Object Notation JSON handling functions. The library enables users to construct JSON objects in...

CVE-2024-24246

A flaw was found in qpdf. Processing a specially crafted JSON file using the --json-input command line option may lead to a heap-based buffer over-read, resulting in an application crash...

libfastjson: integer overflow and out-of-bounds write via a large JSON file

A flaw was found in json-c. In printbufmemappend, certain crafted values can overflow the memory allowing an attacker to write past the memory boundary. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

langchain vulnerable to arbitrary code execution

An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via the via the a json file to the loadprompt parameter. This is related to subclasses or a template...

CVE-2023-36281

An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via a JSON file to loadprompt. This is related to subclasses or a template...

CVE-2023-36281

An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via a JSON file to loadprompt. This is related to subclasses or a template...

Design/Logic Flaw

An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via a JSON file to loadprompt. This is related to subclasses or a template...

CVE-2023-36281

An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via a JSON file to loadprompt. This is related to subclasses or a template...

LangChain 代码注入漏洞

LangChain builds applications using LLM through composability. A code injection vulnerability exists in LangChain version v.0.0.171 that could allow a remote attacker to execute arbitrary code via a json file and the loadprompt parameter...

CVE-2023-36281

An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via a JSON file to loadprompt. This is related to subclasses or a template...

CVE-2023-31441

In NATO Communications and Information Agency anet aka Advisor Network through 3.3.0, an attacker can provide a crafted JSON file to sanitizeJson and cause an exception. This is related to the U+FFFD Unicode replacement character. A for loop does not consider that a data structure is being modifi...

Privilege escalation

In NATO Communications and Information Agency anet aka Advisor Network through 3.3.0, an attacker can provide a crafted JSON file to sanitizeJson and cause an exception. This is related to the U+FFFD Unicode replacement character. A for loop does not consider that a data structure is being modifi...

CVE-2023-31441

In NATO Communications and Information Agency anet aka Advisor Network through 3.3.0, an attacker can provide a crafted JSON file to sanitizeJson and cause an exception. This is related to the U+FFFD Unicode replacement character. A for loop does not consider that a data structure is being modifi...

Local file read through %load_json

Description When ALLOWPLANTUMLINCLUDE is set to false the default settings in the online server, !include processing is turned off, preventing local files from being read. However, other features like %loadjson can still access local files. Since many people will run plantuml-server in its defaul...

Cross site scripting

Teltonika’s Remote Management System versions prior to 4.10.0 contain a cross-site scripting XSS vulnerability in the main page of the web interface. An attacker with the MAC address and serial number of a connected device could send a maliciously crafted JSON file with an HTML object to trigger...

CVE-2023-2587

Teltonika RMS (Remote Management System) and its RUT routers are affected by multiple CVEs (CVE-2023-32346, -32347, -32348, -32349, -32350, -2587, -2586, -2588) due to XSS, improper authentication, SSRF, OS command injection, and exposed configuration. RMS pre-4.10.0 and RMS pre-4.14.0 (for -2586...

The vulnerability of NETGEAR RAX30 router microprogramming software lies in the lack of proper verification of the length of user data before it is copied into the fixed-length stack buffer. This allows a hacker to execute arbitrary code in the context of the root user.

The vulnerability of NETGEAR RAX30 router microprogramming software lies in the lack of proper verification of the length of user data before it is copied into the fixed-length stack buffer. Exploiting this vulnerability allows a remote attacker to execute arbitrary code in the root context using...

SUSE-SU-2023:2135-1 Security update for libfastjson

This update for libfastjson fixes the following issues: - CVE-2020-12762: Fixed an integer overflow and out-of-bounds write via a large JSON file bsc1171479...

Updated libfastjson packages fix security vulnerability

Integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbufmemappend. CVE-2020-12762...