346 matches found

CNNVD
added 2021/03/29 12:00 a.m., 4 views

Npm is-my-json-valid Resource Management Error Vulnerability

Npm is-my-json-valid is an application from Npm (United States). It is a JSONSchema validator that uses a code generation mechanism to be very fast. A resource management error vulnerability exists in is-my-json-valid, which stems from the use of an inefficient regular expression to validate a JSON field...

CVSS 5.3 | AI score 6.5 | EPSS 0.01204
Exploits 1 | References 5

VulnCheck KEV
added 2021/01/14 12:00 a.m., 2 views

VulnCheck KEV: CVE-2020-7961

Liferay Portal contains a deserialization of untrusted data vulnerability that allows remote attackers to execute code via JSON web services...

CVSS 9.8 | AI score 7.6 | EPSS 0.99783
Exploits 10 | References 1

BDU FSTEC
added 2020/12/22 12:00 a.m., 3 views

The vulnerability of the syntactic analysis procedure for JSON microprogramming systems used in Huawei USG6000V network interfaces allows an attacker to trigger a service failure.

The vulnerability of the JSON syntax analysis process in Huawei USG6000V network interface controllers is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause service failures...

CVSS 7.8 | AI score 7.6 | EPSS 0.00928
Exploits 0 | References 2

CNVD
added 2020/12/18 12:00 a.m., 3 views

QuantConnect Lean Code Issue Vulnerability

QuantConnect Lean is a cross-platform algorithmic trading engine for strategy research, backtesting and real-time trading based on the C language from QuantConnect. A security vulnerability exists in QuantConnect Lean versions 2.3.0.0 through 2.4.0.1, which stems from a failure to securely...

CVSS 9.8 | AI score 6.9 | EPSS 0.01518
Exploits 1 | References 1

CNNVD
added 2020/12/17 12:00 a.m., 4 views

F5 BIG-IP ASM Resource Management Error Vulnerability

F5 BIG-IP ASM is a Web Application Firewall (WAF) from F5 USA that provides secure remote access, protects email, and simplifies Web access control while enhancing network and application performance. A denial of service vulnerability exists in F5 BIG-IP ASM, which can be exploited by an attacker t...

CVSS 7.5 | AI score 7.1 | EPSS 0.01031
Exploits 0 | References 4

OSV
added 2020/09/23 2:15 p.m., 3 views

CVE-2020-16240

GE Digital APM Classic, Versions 4.4 and prior. An insecure direct object reference (IDOR) vulnerability allows user account data to be downloaded in JavaScript Object Notation (JSON) format by users who should not have access to such functionality. An attacker can download sensitive data related to...

CVSS 5.3 | AI score 6.1 | EPSS 0.00898
Exploits 0 | References 1

OSV
added 2020/07/15 8:15 p.m., 3 views

DEBIAN-CVE-2020-15366

An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. While untrusted schemas are recommended against, the worst case of an untrusted schema should be a...

CVSS 5.6 | AI score 7.5 | EPSS 0.02313
Exploits 0 | References 1

CNVD
added 2020/06/12 12:00 a.m., 3 views

Redash Code Issues Vulnerabilities

Redash is a set of data integration and analysis solutions from Redash Israel. The product supports data integration, data visualization, query editing and data sharing. A code issue vulnerability exists in the 'JSON' data source in Redash open-source 8.0.0 and prior versions, which arises from...

CVSS 7.2 | AI score 7.1 | EPSS 0.01318
Exploits 1 | References 1

RedHat Linux
added 2020/05/28 3:58 p.m., 1 view

thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol

In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when fed with invalid input data...

CVSS 7.5 | AI score 7.3 | EPSS 0.06793
Exploits 0 | References 4

BDU FSTEC
added 2020/05/07 12:00 a.m., 2 views

The vulnerability of the WordPress website content management system, related to insufficient validation of input data, allows attackers to compromise the integrity of the data.

The vulnerability of the WordPress website content management system is related to a JSON GET cache infection error. Exploiting this vulnerability allows an attacker to compromise data integrity...

CVSS 7.8 | AI score 7.3 | EPSS 0.03154
Exploits 0 | References 3 | Affected Software 2

OSV
added 2020/04/28 9:15 p.m., 2 views

DEBIAN-CVE-2020-10663

The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsi...

CVSS 7.5 | AI score 6.6 | EPSS 0.06811
Exploits 0 | References 1

BDU FSTEC
added 2020/02/24 12:00 a.m., 1 view

The vulnerability of the FasterXML function in the Jackson-Databind Java library for JSON file grammar analysis allows an attacker to gain full control over the system.

The vulnerability of the FasterXML function in the Jackson-Databind Java library for JSON file grammar analysis is related to the lack of a mechanism for checking input data. Exploiting this vulnerability could allow an attacker to gain full control over the system...

CVSS 10 | AI score 7.4 | EPSS 0.05329
Exploits 0 | References 11 | Affected Software 13

PyPA
added 2020/01/29 3:15 p.m., 8 views

PYSEC-2020-156

flaskparser.py in Webargs 5.x through 5.5.2 doesn't check that the Content-Type header is application/json when receiving JSON input. If the request body is valid JSON, it will accept it even if the content type is application/x-www-form-urlencoded. This allows for JSON POST requests to be made...

CVSS 8.8 | AI score 6.9 | EPSS 0.00488
Exploits 0 | References 2 | Affected Software 1

OSV
added 2020/01/29 3:15 p.m., 19 views

PYSEC-2020-156

flaskparser.py in Webargs 5.x through 5.5.2 doesn't check that the Content-Type header is application/json when receiving JSON input. If the request body is valid JSON, it will accept it even if the content type is application/x-www-form-urlencoded. This allows for JSON POST requests to be made...

CVSS 8.8 | AI score 5.9 | EPSS 0.00488
Exploits 0 | References 2

OSV
added 2020/01/03 5:15 p.m., 3 views

DEBIAN-CVE-2019-5064

An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, before version 4.2.0. A specially crafted JSON file can cause a buffer overflow, resulting in multiple heap corruptions and potentially code execution. An attacker can provide a...

CVSS 8.8 | AI score 8.5 | EPSS 0.10618
Exploits 1 | References 1

BDU FSTEC
added 2019/11/25 12:00 a.m., 4 views

The vulnerability of the Jackson-databind library, related to the lack of protection for service data, allows a hacker to read arbitrary files on the server.

The vulnerability of the Jackson-databind library is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor, operating remotely, to read arbitrary files on the server using a specially created JSON message...

CVSS 7.8 | AI score 7 | EPSS 0.21949
Exploits 2 | References 7 | Affected Software 5

BDU FSTEC
added 2019/11/25 12:00 a.m., 2 views

The vulnerability of the Jackson-databind library, related to the lack of protection for service data, allows attackers to read arbitrary files on the server.

The vulnerability of the Jackson-databind library is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor, operating remotely, to read arbitrary files on the server by sending a specially crafted JSON message...

CVSS 7.1 | AI score 6.8 | EPSS 0.10951
Exploits 0 | References 5 | Affected Software 16

BDU FSTEC
added 2019/11/19 12:00 a.m., 5 views

The vulnerability of the FasterXML Java library for JSON file grammar analysis, jackson-databind, allows an attacker to execute arbitrary code.

The vulnerability of the FasterXML function net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup in the Jackson-Databind JSON file parsing library involves memory corruption due to an unreliable data structure. Exploiting this vulnerability could allow a malicious actor to execute...

CVSS 10 | AI score 7.4 | EPSS 0.08045
Exploits 0 | References 52 | Affected Software 24

RedHat Linux
added 2019/10/29 4:22 p.m., 4 views

kube-apiserver: DoS with crafted patch of type json-patch

A denial of service vulnerability was found in the Kubernetes API server. A remote user, with authorization to apply patches, could exploit this via crafted JSON input, causing excessive consumption of resources and subsequent denial of service...

CVSS 6.5 | AI score 6.8 | EPSS 0.10521
Exploits 0 | References 5

BDU FSTEC
added 2019/08/16 12:00 a.m., 3 views

The vulnerability of the FasterXML function in the Jackson-Databind Java library for JSON file grammar analysis allows an attacker to execute arbitrary code or cause a service failure.

The vulnerability of the FasterXML function in the Jackson-Databind Java library for JSON file grammar analysis is related to a failure to prevent the OpenJPA class from being used in polymorphic deserialization. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or caus...

CVSS 10 | AI score 8.2 | EPSS 0.10599
Exploits 0 | References 10 | Affected Software 30