89 matches found
PT-2021-23690 · Gjson +1 · Gjson +1
Name of the Vulnerable Software and Affected Versions: GJSON versions prior to 1.9.3 Description: The issue allows a ReDoS regular expression denial of service attack. GJSON is a Go package that provides a fast and simple way to get values from a JSON document. A maliciously crafted path can caus...
GHSA-3C6G-PVG8-GQW2 trentm/json vulnerable to command injection
This affects the package json before 10.0.0. It is possible to inject arbitrary commands using the parseLookup function...
PT-2020-19734 · Json · Json
Name of the Vulnerable Software and Affected Versions: json versions prior to 10.0.0 Description: The issue allows for the injection of arbitrary commands using the parseLookup function. Recommendations: For versions prior to 10.0.0, update to version 10.0.0 or later to resolve the issue. As a...
Huawei Data Communication: RCE Vulnerability in Jackson JSON library of Apache Struts2 (huawei-sa-20180228-01-struts)
Apache Struts2 released a remote code execution (RCE) vulnerability in S2-055 on the official website. This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright ...
DEBIAN-CVE-2020-12762
json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbufmemappend...
ALPINE-CVE-2020-12762
json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbufmemappend...
The vulnerability of the JSON-lib library and the camel-xmljson component of the Java framework Apache Camel, which allows attackers to execute an XXE attack
The vulnerability of the JSON-lib library and the camel-xmljson component of the Java framework Apache Camel is related to an incorrect limitation on XML references to external objects. Exploiting this vulnerability could allow a malicious actor to perform an XXE attack remotely...
Apache Camel vulnerable to XML external entity injection (XXE)
Overview Apache Camel provided by The Apache Software Foundation contains an XML external entity injection XXE vulnerability CWE-611 due to using an outdated vulnerable JSON-lib library. Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC...
[SECURITY] [DLA 1798-1] jackson-databind security update
Package : jackson-databind Version : 2.4.2-2+deb8u6 CVE ID : CVE-2019-12086 Debian Bug : 929177 A Polymorphic Typing issue was discovered in jackson-databind, a JSON library for Java. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint...
The vulnerability of the JSON-lib library used in REST plugins of the Apache Struts software framework allows attackers to induce a service failure.
The vulnerability of the JSON-Lib library used in Apache Struts’ REST framework programming platform is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures remotely...
DEBIAN-CVE-2019-11835
cJSON before 1.7.11 allows out-of-bounds access, related to multiline comments...
Oracle Primavera P6 Enterprise Project Portfolio Management (EPPM) Multiple Vulnerabilities (Apr 2019 CPU)
According to its self-reported version number, the Oracle Primavera P6 Enterprise Project Portfolio Management EPPM installation running on the remote web server is 8.4 prior to 8.4.15.10, 15.x prior to 15.2.18.4, 16.x prior to 16.2.17.2, 17.x prior to 17.12.12.0, or 18.x prior to 18.8.8.0. It is...
Debian DLA-1703-1 : jackson-databind security update
Several deserialization flaws were discovered in jackson-databind, a fast and powerful JSON library for Java, which could allow an unauthenticated user to perform code execution. The issue was resolved by extending the blacklist and blocking more classes from polymorphic deserialization. For Debi...
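The two jackson-databind entries above (DLA 1798-1 and DLA-1703-1) both turn on the same condition: Default Typing is enabled, so the JSON document itself names the Java class to instantiate, and the fix on the library side was to keep extending a blocklist of gadget classes. The following is an added example, not code from either advisory or from the Jackson project, showing the weak configuration beside the allow-list form. It assumes jackson-databind 2.10 or later (the first release with `PolymorphicTypeValidator`; the Debian 2.4.2 package on the page predates it), and the `Event` types and the `com.example.events.` package prefix are hypothetical.

```java
import com.fasterxml.jackson.databind.JsonMappingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.jsontype.BasicPolymorphicTypeValidator;
import com.fasterxml.jackson.databind.jsontype.PolymorphicTypeValidator;

public class JacksonDefaultTypingExample {

    // Hypothetical application types that legitimately need polymorphic handling.
    public static abstract class Event { public String id; }
    public static class LoginEvent extends Event { public String user; }

    // Weak: global Default Typing. Any non-final target (here: Object) accepts a
    // type id from the document, so the input picks the class that gets built.
    // This is the configuration the advisories describe; the library's blocklist
    // only stops the gadget classes that are already known.
    @SuppressWarnings("deprecation")
    static ObjectMapper weakMapper() {
        ObjectMapper m = new ObjectMapper();
        m.enableDefaultTyping(ObjectMapper.DefaultTyping.NON_FINAL);
        return m;
    }

    // Hardened: polymorphic resolution is still on, but the validator only accepts
    // subtypes of our own base type that live under our own package prefix.
    // Everything else fails closed with an exception instead of being instantiated.
    static ObjectMapper hardenedMapper() {
        PolymorphicTypeValidator ptv = BasicPolymorphicTypeValidator.builder()
                .allowIfBaseType(Event.class)                 // only Event hierarchies
                .allowIfSubType("com.example.events.")        // hypothetical package
                .build();
        ObjectMapper m = new ObjectMapper();
        m.activateDefaultTyping(ptv, ObjectMapper.DefaultTyping.NON_FINAL);
        return m;
    }

    // Constructed input: the Default Typing wire format is ["type id", value].
    // java.net.URL is harmless and stands in for an arbitrary attacker-chosen class;
    // the point is that the document, not the code, selects the type.
    static final String HOSTILE = "[\"java.net.URL\", \"http://attacker.example/\"]";

    public static void main(String[] args) throws Exception {
        Object fromWeak = weakMapper().readValue(HOSTILE, Object.class);
        System.out.println("weak mapper built: " + fromWeak.getClass().getName());

        try {
            hardenedMapper().readValue(HOSTILE, Object.class);
            System.out.println("hardened mapper unexpectedly accepted the type id");
        } catch (JsonMappingException e) {
            // Expected: the validator denies java.net.URL as a subtype of Object.
            System.out.println("hardened mapper rejected the type id: " + e.getOriginalMessage());
        }
    }
}
```

The durable fix is the allow-list, not the blocklist: once an endpoint accepts a type id from untrusted input, every deserialization gadget on the classpath is reachable until it is individually denied, which is why the Debian updates had to be reissued as new gadgets were found. If a field does not need polymorphism at all, leaving Default Typing off entirely is simpler still.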
Security Bulletin: Multiple vulnerabilities affect IBM Rational Design Manager
Summary Multiple security vulnerabilities affect Rational Rhapsody Design Manager Rhapsody DM Vulnerability Details CVEID: CVE-2016-8739 DESCRIPTION: Apache CXF could allow a remote attacker to obtain sensitive information, caused by XML External Entity XXE vulnerability in JAX-RS implementation...
Security Bulletin: Multiple vulnerabilities have been identified in Jackson JSON library shipped with IBM Tivoli Netcool/OMNIbus Integrations Transport Module Common Integration Library (CVE-2017-17485, CVE-2018-5968, CVE-2018-7489)
Summary Jackson JSON library is shipped as a component of IBM Tivoli Netcool/OMNIbus Integrations Transport Module Common Integration Library. Information about security vulnerabilities affecting Jackson JSON library has been published. The Netcool/OMNIbus Transport Module Common Integration...
Security Bulletin: IBM Security Guardium is affected by Open Source Apache Struts 2.5 Vulnerability (CVE-2017-7525 )
Summary IBM Security Guardium is affected by Open Source Apache Struts 2.5 Vulnerability. IBM Security Guardium has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2017-7525 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system,...
Security Advisory - Remote Code Execution Vulnerability in Jackson JSON library of Apache Struts2
Apache Struts2 released a remote code execution vulnerability in S2-055 on the official website. An attacker can perform a remote code execution (RCE) attack with a malicious JSON packet. Vulnerability ID: HWPSIRT-2017-12002 This vulnerability has been assigned a Common Vulnerabilities a...
BSA-2018-588
Security Advisory ID : BSA-2018-588 Component : Apache Struts2 Revision : 2.0: Final In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allows a DoS attack using a malicious request with a specially crafted JSON payload...
Apache Struts2 S2-055 DoS Vulnerability
Exploit for multiple platforms in category dos / poc Summary Vulnerability in the Jackson JSON library Who should read this All Struts 2 developers and users who are using the REST plugin Impact of vulnerability Not clear, please read the linked issue for more details...
[SECURITY] [DSA 3966-1] ruby2.3 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3966-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff September 05, 2017 https://www.debian.org/security/faq -...