Lucene search
+L

40 matches found

NVD
NVD
added yesterday4 views

CVE-2026-52746

JSONata is a JSON query and transformation language. Prior to 2.2.0, malicious non-matching inputs to the $toMillis function can cause superlinear backtracking in the ISO-8601 validation regex, leading to denial of service in applications that evaluate user-provided JSONata expressions. This issu...

7.5CVSS
Exploits0References6
Cvelist
Cvelist
added yesterday24 views

CVE-2026-52746 JSONata: Malicious inputs to "$toMillis" function can cause resource exhaustion

JSONata is a JSON query and transformation language. Prior to 2.2.0, malicious non-matching inputs to the $toMillis function can cause superlinear backtracking in the ISO-8601 validation regex, leading to denial of service in applications that evaluate user-provided JSONata expressions. This issu...

7.5CVSS
Exploits0References6
CVE
CVE
added yesterday15 views

CVE-2026-52746

CVE-2026-52746 concerns the JSONata language. Affected: jsonata prior to version 2.2.0. Issue: malicious non-matching inputs to the $toMillis function can cause superlinear backtracking in the ISO-8601 validation regex, leading to denial of service in applications evaluating JSONata expressions. ...

7.5CVSS5.3AI score
Exploits0References6
Vulnrichment
Vulnrichment
added yesterday4 views

CVE-2026-52746 JSONata: Malicious inputs to "$toMillis" function can cause resource exhaustion

JSONata is a JSON query and transformation language. Prior to 2.2.0, malicious non-matching inputs to the $toMillis function can cause superlinear backtracking in the ISO-8601 validation regex, leading to denial of service in applications that evaluate user-provided JSONata expressions. This issu...

7.5CVSS5.3AI score
Exploits0References6
Snyk
Snyk
added 2026/07/02 8:13 p.m.6 views

Regular Expression Denial of Service (ReDoS)

Overview jsonata is a JSON query and transformation language Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the $toMillis function. An attacker can cause resource exhaustion by providing specially crafted inputs that trigger excessive backtracki...

8.7CVSS5.9AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/07/02 8:13 p.m.17 views

jsonata: Malicious inputs to "$toMillis" function can cause resource exhaustion

Impact In JSONata = 2.2.0 via fixes that include https://github.com/jsonata-js/jsonata/pull/782 and https://github.com/jsonata-js/jsonata/pull/793. Applications that evaluate user-provided expressions should update ASAP to prevent exploitation. References...

7.5CVSS5.7AI score
Exploits0References7Affected Software1
Snyk
Snyk
added 2026/07/02 8:13 p.m.3 views

Regular Expression Denial of Service (ReDoS)

Overview org.webjars.npm:jsonata is a JSON query and transformation language Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the $toMillis function. An attacker can cause resource exhaustion by providing specially crafted inputs that trigger...

8.7CVSS5.9AI score
Exploits0References2
OSV
OSV
added 2026/07/02 8:13 p.m.4 views

GHSA-86VW-MFPG-WWV9 jsonata: Malicious inputs to "$toMillis" function can cause resource exhaustion

Impact In JSONata = 2.2.0 via fixes that include https://github.com/jsonata-js/jsonata/pull/782 and https://github.com/jsonata-js/jsonata/pull/793. Applications that evaluate user-provided expressions should update ASAP to prevent exploitation. References...

7.5CVSS5.7AI score
Exploits0References7
Patchstack
Patchstack
added 2026/07/02 8:13 p.m.6 views

NPM: jsonata: Malicious inputs to "$toMillis" function can cause resource exhaustion

NPM: jsonata: Malicious inputs to "$toMillis" function can cause resource exhaustion vulnerability discovered by ? in WordPress Npm jsonata versions 2.2.0...

7.5CVSS5.9AI score
Exploits0References7Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.12 views

PT-2026-55476

Name of the Vulnerable Software and Affected Versions JSONata versions prior to 2.2.0 Description Malicious non-matching inputs provided to the $toMillis function can trigger superlinear backtracking within the ISO-8601 validation regex. This behavior can lead to a denial of service in applicatio...

7.5CVSS5.3AI score
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.13 views

PT-2026-55378

Impact In JSONata = 2.2.0 via fixes that include https://github.com/jsonata-js/jsonata/pull/782 and https://github.com/jsonata-js/jsonata/pull/793. Applications that evaluate user-provided expressions should update ASAP to prevent exploitation. References...

7.5CVSS5.7AI score
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/06/25 11:23 p.m.10 views

CVE-2026-12208

A flaw was found in the jsonata JavaScript library. A prototype pollution vulnerability exists in the createFrame function in src/jsonata.js, allowing a remote attacker to manipulate object prototype attributes. This could lead to unauthorized modification of application behavior. Mitigation Do n...

6.9CVSS5.9AI score0.00314EPSS
Exploits0References8
NVD
NVD
added 2026/06/15 3:16 a.m.17 views

CVE-2026-12208

A weakness has been identified in jsonata-js jsonata up to 2.2.0. The affected element is the function createFrame of the file src/jsonata.js of the component Function Binding Frame System. This manipulation causes improperly controlled modification of object prototype attributes. It is possible ...

6.9CVSS0.00314EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/15 2:0 a.m.8 views

CVE-2026-12208 jsonata-js jsonata Function Binding Frame System jsonata.js createFrame prototype pollution

A weakness has been identified in jsonata-js jsonata up to 2.2.0. The affected element is the function createFrame of the file src/jsonata.js of the component Function Binding Frame System. This manipulation causes improperly controlled modification of object prototype attributes. It is possible ...

6.9CVSS5.5AI score0.00314EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/15 2:0 a.m.37 views

CVE-2026-12208 jsonata-js jsonata Function Binding Frame System jsonata.js createFrame prototype pollution

A weakness has been identified in jsonata-js jsonata up to 2.2.0. The affected element is the function createFrame of the file src/jsonata.js of the component Function Binding Frame System. This manipulation causes improperly controlled modification of object prototype attributes. It is possible ...

6.9CVSS0.00314EPSS
Exploits0References5
CVE
CVE
added 2026/06/15 2:0 a.m.30 views

CVE-2026-12208

CVE-2026-12208 affects the jsonata-js package (up to 2.2.0) in the Function Binding Frame System. The vulnerability is in the function createFrame (src/jsonata.js) where an attacker can perform a prototype pollution attack by manipulating object prototype attributes. This can be triggered remotel...

6.9CVSS5.6AI score0.00314EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/15 2:0 a.m.13 views

EUVD-2026-36682

A weakness has been identified in jsonata-js jsonata up to 2.2.0. The affected element is the function createFrame of the file src/jsonata.js of the component Function Binding Frame System. This manipulation causes improperly controlled modification of object prototype attributes. It is possible ...

6.9CVSS5.5AI score0.00314EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.14 views

PT-2026-49170

A weakness has been identified in jsonata-js jsonata up to 2.2.0. The affected element is the function createFrame of the file src/jsonata.js of the component Function Binding Frame System. This manipulation causes improperly controlled modification of object prototype attributes. It is possible ...

6.9CVSS5.2AI score0.00314EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-0922

Malicious code in bioql PyPI...

9.8CVSS8.1AI score0.01422EPSS
Exploits0References7
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/26 6:40 p.m.18 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in jsonata-js JSONata

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of jsonata-js JSONata. Vulnerability Details CVEID:CVE-2024-27307 DESCRIPTION: jsonata-js JSONata could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the JSONata...

9.8CVSS9.8AI score0.01422EPSS
Exploits0Affected Software1
Rows per page
Query Builder