40 matches found
CVE-2026-52746
JSONata is a JSON query and transformation language. Prior to 2.2.0, malicious non-matching inputs to the $toMillis function can cause superlinear backtracking in the ISO-8601 validation regex, leading to denial of service in applications that evaluate user-provided JSONata expressions. This issu...
CVE-2026-52746 JSONata: Malicious inputs to "$toMillis" function can cause resource exhaustion
JSONata is a JSON query and transformation language. Prior to 2.2.0, malicious non-matching inputs to the $toMillis function can cause superlinear backtracking in the ISO-8601 validation regex, leading to denial of service in applications that evaluate user-provided JSONata expressions. This issu...
CVE-2026-52746
CVE-2026-52746 concerns the JSONata language. Affected: jsonata prior to version 2.2.0. Issue: malicious non-matching inputs to the $toMillis function can cause superlinear backtracking in the ISO-8601 validation regex, leading to denial of service in applications evaluating JSONata expressions. ...
CVE-2026-52746 JSONata: Malicious inputs to "$toMillis" function can cause resource exhaustion
JSONata is a JSON query and transformation language. Prior to 2.2.0, malicious non-matching inputs to the $toMillis function can cause superlinear backtracking in the ISO-8601 validation regex, leading to denial of service in applications that evaluate user-provided JSONata expressions. This issu...
Regular Expression Denial of Service (ReDoS)
Overview jsonata is a JSON query and transformation language Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the $toMillis function. An attacker can cause resource exhaustion by providing specially crafted inputs that trigger excessive backtracki...
jsonata: Malicious inputs to "$toMillis" function can cause resource exhaustion
Impact In JSONata = 2.2.0 via fixes that include https://github.com/jsonata-js/jsonata/pull/782 and https://github.com/jsonata-js/jsonata/pull/793. Applications that evaluate user-provided expressions should update ASAP to prevent exploitation. References...
Regular Expression Denial of Service (ReDoS)
Overview org.webjars.npm:jsonata is a JSON query and transformation language Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the $toMillis function. An attacker can cause resource exhaustion by providing specially crafted inputs that trigger...
GHSA-86VW-MFPG-WWV9 jsonata: Malicious inputs to "$toMillis" function can cause resource exhaustion
Impact In JSONata = 2.2.0 via fixes that include https://github.com/jsonata-js/jsonata/pull/782 and https://github.com/jsonata-js/jsonata/pull/793. Applications that evaluate user-provided expressions should update ASAP to prevent exploitation. References...
NPM: jsonata: Malicious inputs to "$toMillis" function can cause resource exhaustion
NPM: jsonata: Malicious inputs to "$toMillis" function can cause resource exhaustion vulnerability discovered by ? in WordPress Npm jsonata versions 2.2.0...
PT-2026-55476
Name of the Vulnerable Software and Affected Versions JSONata versions prior to 2.2.0 Description Malicious non-matching inputs provided to the $toMillis function can trigger superlinear backtracking within the ISO-8601 validation regex. This behavior can lead to a denial of service in applicatio...
PT-2026-55378
Impact In JSONata = 2.2.0 via fixes that include https://github.com/jsonata-js/jsonata/pull/782 and https://github.com/jsonata-js/jsonata/pull/793. Applications that evaluate user-provided expressions should update ASAP to prevent exploitation. References...
CVE-2026-12208
A flaw was found in the jsonata JavaScript library. A prototype pollution vulnerability exists in the createFrame function in src/jsonata.js, allowing a remote attacker to manipulate object prototype attributes. This could lead to unauthorized modification of application behavior. Mitigation Do n...
CVE-2026-12208
A weakness has been identified in jsonata-js jsonata up to 2.2.0. The affected element is the function createFrame of the file src/jsonata.js of the component Function Binding Frame System. This manipulation causes improperly controlled modification of object prototype attributes. It is possible ...
CVE-2026-12208 jsonata-js jsonata Function Binding Frame System jsonata.js createFrame prototype pollution
A weakness has been identified in jsonata-js jsonata up to 2.2.0. The affected element is the function createFrame of the file src/jsonata.js of the component Function Binding Frame System. This manipulation causes improperly controlled modification of object prototype attributes. It is possible ...
CVE-2026-12208 jsonata-js jsonata Function Binding Frame System jsonata.js createFrame prototype pollution
A weakness has been identified in jsonata-js jsonata up to 2.2.0. The affected element is the function createFrame of the file src/jsonata.js of the component Function Binding Frame System. This manipulation causes improperly controlled modification of object prototype attributes. It is possible ...
CVE-2026-12208
CVE-2026-12208 affects the jsonata-js package (up to 2.2.0) in the Function Binding Frame System. The vulnerability is in the function createFrame (src/jsonata.js) where an attacker can perform a prototype pollution attack by manipulating object prototype attributes. This can be triggered remotel...
EUVD-2026-36682
A weakness has been identified in jsonata-js jsonata up to 2.2.0. The affected element is the function createFrame of the file src/jsonata.js of the component Function Binding Frame System. This manipulation causes improperly controlled modification of object prototype attributes. It is possible ...
PT-2026-49170
A weakness has been identified in jsonata-js jsonata up to 2.2.0. The affected element is the function createFrame of the file src/jsonata.js of the component Function Binding Frame System. This manipulation causes improperly controlled modification of object prototype attributes. It is possible ...
EUVD-2024-0922
Malicious code in bioql PyPI...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in jsonata-js JSONata
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of jsonata-js JSONata. Vulnerability Details CVEID:CVE-2024-27307 DESCRIPTION: jsonata-js JSONata could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the JSONata...