87 matches found
ph-json vulnerable to stack exhaustion
An issue was discovered in ph-json through 9.5.5 that allows attackers to cause a denial of service or other unspecified impacts via a crafted object that uses cyclic dependencies...
Code injection
An issue was discovered in ph-json through 9.5.5 that allows attackers to cause a denial of service or other unspecified impacts via a crafted object that uses cyclic dependencies...
PT-2023-24949 · Ph-Json · Ph-Json
Name of the Vulnerable Software and Affected Versions: ph-json versions 9.5.5 and earlier Description: An issue allows attackers to cause a denial of service or other unspecified impacts via a crafted object that uses cyclic dependencies. Recommendations: For versions 9.5.5 and earlier, consider...
CVE-2023-34612
An issue was discovered in ph-json through 9.5.5 that allows attackers to cause a denial of service or other unspecified impacts via a crafted object that uses cyclic dependencies...
GHSA-PQP3-8RRW-G8VM PocketMine-MP vulnerable to server crash with certain invalid JSON payloads in `LoginPacket` due to vulnerable dependency
Impact: An attacker could crash PocketMine-MP by sending malformed JSON in `LoginPacket`. This happened due to a bug in netresearch/jsonmapper. The library wasn't doing proper checks when mapping JSON arrays and objects onto scalar model properties such as strings. Patches: The problem was fixed in a...
MGASA-2023-0159 Updated libfastjson packages fix security vulnerability
Integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend. CVE-2020-12762...
SUSE CVE-2018-3280
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: JSON. Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
json.h buffer error vulnerability
json.h is a simple single header solution for parsing JSON in C and C++ from the individual developer Neil Henning. A security vulnerability exists in sheredom json.h, which stems from the discovery of a buffer overflow vulnerability contained in the json_parse_number function. An attacker can...
Denial Of Service (DoS)
hutool-json is vulnerable to denial of service. The vulnerability exists due to an out-of-memory error which allows an attacker to cause an application crash via malicious input...
ai.api.libai.speech:libai-speech-gcp (>=1.4.9 <=1.6.12), ai.apiverse:apipulse (>='1.0.3' <=1.0.20) +17584 more potentially affected by CVE-2022-45688 via org.json:json (>=20070829 <=20220924)
org.json:json MAVEN version =20070829, =1.4.9, ='1.0.3', =1.4.2, =1.4.2, =1.4.2, =1.4.2, =1.4.2, =0.5.0, =0.5.0, =0.5.0, =0.5.8, =0.5.0, =0.5.7, =0.5.0, =0.8.7 and more Source cves: CVE-2022-45688 Source advisory: OSV:GHSA-3VQJ-43W4-2Q58...
club.mrxiao:express-java-common (>=1.0.0 <=1.0.2), club.mrxiao:express-java-jdl (>=1.0.0 <=1.0.2) +263 more potentially affected by CVE-2022-45690 via cn.hutool:hutool-json (>=4.0.0 <=5.8.10)
cn.hutool:hutool-json MAVEN version =4.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =2.0.3, =2.0.5, =2.0.1.B, =2.0.1.B, =2.0.1.B, =1.0.1, =1.0.3 and more Source cves: CVE-2022-45690 Source advisory: OSV:GHSA-WHGH-G24C-3J5Q...
club.mrxiao:express-java-common (>=1.0.0 <=1.0.2), club.mrxiao:express-java-jdl (>=1.0.0 <=1.0.2) +263 more potentially affected by CVE-2022-45689 via cn.hutool:hutool-json (>=4.0.0 <=5.8.10)
cn.hutool:hutool-json MAVEN version =4.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =2.0.3, =2.0.5, =2.0.1.B, =2.0.1.B, =2.0.1.B, =1.0.1, =1.0.3 and more Source cves: CVE-2022-45689 Source advisory: OSV:GHSA-FXRC-HG6J-6V3X...
PT-2022-6898 · Unknown · Hutool-Json
Name of the Vulnerable Software and Affected Versions: hutool-json version 5.8.10 Description: The issue is related to a stack overflow in the org.json.JSONTokener.nextValue component of the hutool-json library, which can be exploited to cause a Denial of Service (DoS) via crafted JSON or XML data...
CVE-2022-45689
hutool-json v5.8.10 was discovered to contain an out of memory error...
PT-2022-6899 · Unknown · Hutool-Json
Name of the Vulnerable Software and Affected Versions: hutool-json version 5.8.10 Description: The issue in hutool-json is related to an out of memory error, which can be exploited by a remote attacker to cause a denial of service. This is due to a buffer overflow in memory. Recommendations: For...
CVE-2022-41714
fastest-json-copy version 1.0.1 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the '__proto__' property to be edited...
d8s-asns (=0.1.0), d8s-domains (=0.1.0) +8 more potentially affected by unknown CVE via democritus-json (=2021.1.2501)
democritus-json PYPI version =2021.1.2501 is affected by a known vulnerability. The following packages have a transitive dependency on democritus-json and may be impacted: - d8s-asns =0.1.0 - d8s-domains =0.1.0 - d8s-html =0.1.0 - d8s-ip-addresses =0.1.0 - d8s-mpeg =0.1.0 - d8s-networking =0.1.0 ...
PT-2022-24607 · Pypi · Democritus-Strings +1
Name of the Vulnerable Software and Affected Versions: d8s-json version 0.1.0 Description: The d8s-json package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. Recommendations: For version 0.1.0,...
PT-2022-37383 · Pypi · D8S-Json +1
Name of the Vulnerable Software and Affected Versions: d8s-json version 0.1.0 Description: The d8s-json package for Python contains a potential code-execution backdoor. This backdoor is attributed to the democritus-strings package, which was inserted by a third party. Recommendations: For version...
com.github.fommil:spray-json-shapeless_2.12.0-RC2 (=1.3.0), com.typesafe.akka:akka-http-spray-json-experimental_2.12.0-RC2 (=2.4.11) +1 more potentially affected by CVE-2018-18855 via io.spray:spray-json_2.12.0-RC2 (=1.3.2)
io.spray:spray-json_2.12.0-RC2 MAVEN version =1.3.2 is affected by a known vulnerability. The following packages have a transitive dependency on io.spray:spray-json_2.12.0-RC2 and may be impacted: - com.github.fommil:spray-json-shapeless_2.12.0-RC2 =1.3.0 -...