Lucene search
+L

33 matches found

CVE
CVE
added 1 hour ago14 views

CVE-2026-52746

JSONata is a JSON query and transformation language. Prior to 2.2.0, malicious non-matching inputs to the $toMillis function can cause superlinear backtracking in the ISO-8601 validation regex, leading to denial of service in applications that evaluate user-provided JSONata expressions. This issu...

7.5CVSS5.3AI score
Exploits0References6
Cvelist
Cvelist
added 1 hour ago5 views

CVE-2026-52746 JSONata: Malicious inputs to "$toMillis" function can cause resource exhaustion

JSONata is a JSON query and transformation language. Prior to 2.2.0, malicious non-matching inputs to the $toMillis function can cause superlinear backtracking in the ISO-8601 validation regex, leading to denial of service in applications that evaluate user-provided JSONata expressions. This issu...

7.5CVSS
Exploits0References6
Patchstack
Patchstack
added 2026/07/02 8:13 p.m.6 views

NPM: jsonata: Malicious inputs to "$toMillis" function can cause resource exhaustion

NPM: jsonata: Malicious inputs to "$toMillis" function can cause resource exhaustion vulnerability discovered by ? in WordPress Npm jsonata versions 2.2.0...

7.5CVSS5.9AI score
Exploits0References7Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.12 views

PT-2026-55476

Name of the Vulnerable Software and Affected Versions JSONata versions prior to 2.2.0 Description Malicious non-matching inputs provided to the $toMillis function can trigger superlinear backtracking within the ISO-8601 validation regex. This behavior can lead to a denial of service in applicatio...

7.5CVSS5.3AI score
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/06/25 11:23 p.m.10 views

CVE-2026-12208

A flaw was found in the jsonata JavaScript library. A prototype pollution vulnerability exists in the createFrame function in src/jsonata.js, allowing a remote attacker to manipulate object prototype attributes. This could lead to unauthorized modification of application behavior. Mitigation Do n...

6.9CVSS5.9AI score0.00314EPSS
Exploits0References8
NVD
NVD
added 2026/06/15 3:16 a.m.17 views

CVE-2026-12208

A weakness has been identified in jsonata-js jsonata up to 2.2.0. The affected element is the function createFrame of the file src/jsonata.js of the component Function Binding Frame System. This manipulation causes improperly controlled modification of object prototype attributes. It is possible ...

6.9CVSS0.00314EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/15 2:0 a.m.12 views

EUVD-2026-36682

A weakness has been identified in jsonata-js jsonata up to 2.2.0. The affected element is the function createFrame of the file src/jsonata.js of the component Function Binding Frame System. This manipulation causes improperly controlled modification of object prototype attributes. It is possible ...

6.9CVSS5.5AI score0.00314EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/15 2:0 a.m.8 views

CVE-2026-12208 jsonata-js jsonata Function Binding Frame System jsonata.js createFrame prototype pollution

A weakness has been identified in jsonata-js jsonata up to 2.2.0. The affected element is the function createFrame of the file src/jsonata.js of the component Function Binding Frame System. This manipulation causes improperly controlled modification of object prototype attributes. It is possible ...

6.9CVSS5.5AI score0.00314EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/15 2:0 a.m.37 views

CVE-2026-12208 jsonata-js jsonata Function Binding Frame System jsonata.js createFrame prototype pollution

A weakness has been identified in jsonata-js jsonata up to 2.2.0. The affected element is the function createFrame of the file src/jsonata.js of the component Function Binding Frame System. This manipulation causes improperly controlled modification of object prototype attributes. It is possible ...

6.9CVSS0.00314EPSS
Exploits0References5
CVE
CVE
added 2026/06/15 2:0 a.m.30 views

CVE-2026-12208

CVE-2026-12208 affects the jsonata-js package (up to 2.2.0) in the Function Binding Frame System. The vulnerability is in the function createFrame (src/jsonata.js) where an attacker can perform a prototype pollution attack by manipulating object prototype attributes. This can be triggered remotel...

6.9CVSS5.6AI score0.00314EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.14 views

PT-2026-49170

A weakness has been identified in jsonata-js jsonata up to 2.2.0. The affected element is the function createFrame of the file src/jsonata.js of the component Function Binding Frame System. This manipulation causes improperly controlled modification of object prototype attributes. It is possible ...

6.9CVSS5.2AI score0.00314EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-0922

Malicious code in bioql PyPI...

9.8CVSS8.1AI score0.01422EPSS
Exploits0References7
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/26 6:40 p.m.18 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in jsonata-js JSONata

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of jsonata-js JSONata. Vulnerability Details CVEID:CVE-2024-27307 DESCRIPTION: jsonata-js JSONata could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the JSONata...

9.8CVSS9.8AI score0.01422EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.31 views

Security Bulletin: IBM Maximo Application Suite uses jsonata-1.8.6 which is vulnerable to CVE-2024-27307, CVE-2022-34169, CVE-2023-20861, CVE-2023-3635, CVE-2018-10237, CVE-2023-33201, CVE-2023-33202, CVE-2023-45288, CVE-2023-20863

Summary IBM Maximo Application Suite uses jsonata-1.8.6 which is vulnerable to CVE-2024-27307, CVE-2022-34169, CVE-2023-20861, CVE-2023-3635, CVE-2018-10237, CVE-2023-33201, CVE-2023-33202, CVE-2023-45288, CVE-2023-20863. This bulletin contains information regarding the vulnerability and its...

9.8CVSS9.1AI score0.91969EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/31 11:1 a.m.50 views

Security Bulletin: Netcool Operations Insights 1.6.13 addresses multiple security vulnerabilities.

Summary Netcool Operations Insight v1.6.13 addresses multiple security vulnerabilities, listed in the CVEs below. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2021-31684 DESCRIPTION: netplex JSON Smart is vulnerable to a denial of...

9.8CVSS10AI score0.60679EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/19 8:36 p.m.36 views

Security Bulletin: IBM Edge Application Manager 4.5.5 addresses the security vulnerabilities listed in the CVEs below.

Summary IBM Edge Application Manager 4.5.5 addresses the security vulnerabilities listed in the CVEs below. Vulnerability Details CVEID:CVE-2024-29041 DESCRIPTION: Express.js Express could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker...

9.8CVSS7.8AI score0.01422EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/16 3:42 p.m.50 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service and remote attack due to node.js jose module and jsonata-js JSONata (CVE-2024-28176, CVE-2024-27307)

Summary The Discovery Connector nodes in IBM App Connect Enterprise are vulnerable to a denial of service due to node.js jose module and jsonata-js JSONata. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-28176 DESCRIPTION: Node.js jos...

9.8CVSS6.8AI score0.02085EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/02 10:25 a.m.33 views

Security Bulletin: IBM App Connect Enterprise Certified Container instances that run or edit flows containing JSONata mapping are vulnerable to arbitrary code execution due to [CVE-2024-27307]

Summary JSONata is used by IBM App Connect Enterprise Certified Container flows for mapping and extracting values within a JSON document. IBM App Connect Enterprise Certified Container DesignerAuthoring, IntegrationRuntime and IntegrationServer operands that run or edit flows containing JSONata...

9.8CVSS9.8AI score0.01422EPSS
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/03/19 12:0 a.m.6 views

The vulnerability of the JSONata data transformation software lies in the uncontrolled modification of prototype attributes, allowing attackers to execute arbitrary code or cause service failures.

The vulnerability of the JSONata data transformation software is related to uncontrolled changes to object prototype attributes. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause service failures...

10CVSS7.9AI score0.01422EPSS
Exploits0References9Affected Software1
RedhatCVE
RedhatCVE
added 2024/03/07 6:38 a.m.72 views

CVE-2024-27307

A vulnerability was found in JSONata. A malicious expression can exploit the transform operator to override properties on the Object constructor and prototype. This issue can result in denial of service, remote code execution, or other unforeseen behavior in applications that assess user-provided...

8.6CVSS9.6AI score0.01422EPSS
Exploits0References4
Rows per page
Query Builder