Denial Of Service (DoS)

johnzon-mapper is vulnerable to Denial Of Service DoS. The vulnerability exists because it does not validate JSON user input for large numbers, which allows an attacker to inject a large number which will then be parsed by BigDecimal, resulting in Denial of Service...

CVE-2023-33460

A flaw was found in the yajl library, which exists due to a memory leak within the yajltreeparse function. This flaw allows a remote attacker to parse malicious JSON input to cause out-of-memory in the server, causing a crash, resulting in a denial of service attack...

Apache Johnzon Deserialization of Untrusted Data vulnerability

A malicious attacker can craft up some JSON input that uses large numbers numbers such as 1e20000000 that Apache Johnzon will deserialize into BigDecimal and maybe use numbers too large which may result in a slow conversion Denial of service risk. Apache Johnzon 1.2.21 mitigates this by setting a...

CVE-2023-33008

Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache Johnzon. A malicious attacker can craft up some JSON input that uses large numbers numbers such as 1e20000000 that Apache Johnzon will deserialize into BigDecimal and maybe use numbers too large which may result ...

Deserialization of untrusted data

Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache Johnzon. A malicious attacker can craft up some JSON input that uses large numbers numbers such as 1e20000000 that Apache Johnzon will deserialize into BigDecimal and maybe use numbers too large which may result ...

json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)

A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘‘ or ‘‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed...

CVE-2023-1370

A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘‘ or ‘‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed...

tomcat: JsonErrorReportValve injection

A flaw was found in the Tomcat package. This flaw allowed users to input an invalid JSON structure, causing unwanted behavior as it did not escape the type, message, or description values...

PT-2023-15530 · Secvisogram · Csaf-Validator-Service

Name of the Vulnerable Software and Affected Versions: Secvisogram csaf-validator-service versions prior to 0.1.0 Description: The issue is related to insufficient input validation of requests by an unauthenticated remote user, which might lead to a partial Denial of Service DoS of the service...

CVE-2022-3433

The aeson library is not safe to use to consume untrusted JSON input. A remote user could abuse this flaw to produce a hash collision in the underlying unordered-containers library by sending specially crafted JSON data, resulting in a denial of service...

CVE-2022-3433

The aeson library is not safe to use to consume untrusted JSON input. A remote user could abuse this flaw to produce a hash collision in the underlying unordered-containers library by sending specially crafted JSON data, resulting in a denial of service...

Design/Logic Flaw

The aeson library is not safe to use to consume untrusted JSON input. A remote user could abuse this flaw to produce a hash collision in the underlying unordered-containers library by sending specially crafted JSON data, resulting in a denial of service...

CVE-2022-3433

The CVE-2022-3433 entry concerns the aeson library, which is not safe to use with untrusted JSON input. Multiple connected sources describe a hash-flooding (hash DoS) vulnerability triggered by crafted JSON data that exploits the underlying unordered-containers HashMap, enabling remote denial of ...

CVE-2022-3433

The aeson library is not safe to use to consume untrusted JSON input. A remote user could abuse this flaw to produce a hash collision in the underlying unordered-containers library by sending specially crafted JSON data, resulting in a denial of service...

CVE-2022-3433

The aeson library is not safe to use to consume untrusted JSON input. A remote user could abuse this flaw to produce a hash collision in the underlying unordered-containers library by sending specially crafted JSON data, resulting in a denial of service...

GHSA-V8X6-59G4-5G3W Denial of service binding form from JSON in Play Framework

Impact A denial-of-service vulnerability has been discovered in Play's forms library, in both the Scala and Java APIs. This can occur when using either the FormbindFromRequest method on a JSON request body or the Formbind method directly on a JSON value. If the JSON data being bound to the form...

Tidwall Gjson Denial of Service Vulnerability

Tidwall Gjson is a Go-based code library for interacting with json formatted data. a denial of service vulnerability exists in Tidwall Gjson version 1.9.2 and prior. An attacker could exploit this vulnerability to cause a denial of service of the application via specially crafted JSON input...

GHSA-C9GM-7RFJ-8W5H Duplicate Advisory: ReDoS via crafted JSON input in GJSON

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-ppj4-34rq-v8j9. This link is maintained to preserve external references. Original Description GJSON = 1.9.2 allows attackers to cause a redos via crafted JSON input...

shvl vulnerable to prototype pollution

Overview Prototype pollution vulnerability in 'shvl' versions 1.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution. Details The NPM module 'shvl' can be abused by Prototype Pollution vulnerability since the function 'set' did not check for the...

Input validation

GJSON = 1.9.2 allows attackers to cause a redos via crafted JSON input...