Lucene search
K

32 matches found

snyk
snyk
added 2024/10/08 8:25 p.m.2 views

Inefficient Algorithmic Complexity

Overview Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity involved in processing ExtensionData property data. An attacker can trigger denial of service by passing malicious JSON input to a model that uses this property. Remediation Upgrade System.Text.Json to...

8.7CVSS6.8AI score0.03009EPSS
Exploits0References2
veracode
veracode
added 2023/06/23 2:42 a.m.18 views

Denial Of Services (DoS)

mjson is vulnerable to Denial Of Services DoS. The vulnerability exists due to a lack of nested depth checks in Json.java, which allows an attacker to cause an application crash by passing a maliciously crafted JSON string...

7.5CVSS6.6AI score0.00732EPSS
Exploits1References2Affected Software1
vulnrichment
vulnrichment
added 2023/05/26 12:0 a.m.11 views

CVE-2023-33394

skycaiji v2.5.4 is vulnerable to Cross Site Scripting XSS. Attackers can achieve backend XSS by deploying malicious JSON data...

5.2AI score0.004EPSS
Exploits1References1
snyk
snyk
added 2021/07/05 8:10 a.m.2 views

Deserialization of Untrusted Data

Amendment This was deemed not a vulnerability. Overview com.jsoniter:jsoniter is a jsoniter json-iterator is fast and flexible JSON parser. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via malicious JSON strings. This may lead to a Denial of Service, and i...

7CVSS8.1AI score
Exploits0References2
osv
osv
added 2021/04/14 8:4 p.m.80 views

GO-2021-0076 Out-of-bounds write in github.com/evanphx/json-patch

A malicious JSON patch can cause a panic due to an out-of-bounds write attempt. This can be used as a denial of service vector if exposed to arbitrary user input...

7.7CVSS7.4AI score0.01952EPSS
Exploits0References2
veracode
veracode
added 2019/07/16 1:56 a.m.11 views

Remote Code Execution (RCE)

slanger is vulnerable to remote code execution RCE. An unsafe deserialization of Ruby objects allows remote attackers to execute arbitrary code using a malicious JSON containing arbitrary object of various classes...

9.8CVSS9.9AI score0.04042EPSS
Exploits0References5Affected Software1
osv
osv
added 2018/10/18 5:42 p.m.12 views

GHSA-RFX6-VP9G-RH7V jackson-databind vulnerable to remote code execution due to incorrect deserialization and blocklist bypass

FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper,...

9.8CVSS7.5AI score0.49727EPSS
Exploits1References34
prion
prion
added 2018/02/26 3:29 p.m.34 views

Design/Logic Flaw

FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of th...

7.5CVSS9.4AI score0.37925EPSS
Exploits7References28Affected Software5
freebsd
freebsd
added 2018/02/26 12:0 a.m.53 views

payara -- Default typing issue in Jackson Databind

FasterXML jackson-databind before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper,...

9.8CVSS4.2AI score0.20135EPSS
Exploits0References1
prion
prion
added 2018/01/19 11:29 p.m.18 views

Code injection

An exploitable unhandled exception vulnerability exists in multiple APIs of CPP-Ethereum JSON-RPC. Specially crafted JSON requests can cause an unhandled exception resulting in denial of service. An attacker can send malicious JSON to trigger this vulnerability...

5CVSS7.4AI score0.02086EPSS
Exploits2References2
nvd
nvd
added 2018/01/19 11:29 p.m.27 views

CVE-2017-12119

An exploitable unhandled exception vulnerability exists in multiple APIs of CPP-Ethereum JSON-RPC. Specially crafted JSON requests can cause an unhandled exception resulting in denial of service. An attacker can send malicious JSON to trigger this vulnerability...

7.5CVSS7.4AI score0.02086EPSS
Exploits2References2
cvelist
cvelist
added 2018/01/19 11:0 p.m.25 views

CVE-2017-12119

An exploitable unhandled exception vulnerability exists in multiple APIs of CPP-Ethereum JSON-RPC. Specially crafted JSON requests can cause an unhandled exception resulting in denial of service. An attacker can send malicious JSON to trigger this vulnerability...

7.5CVSS7.4AI score0.02086EPSS
Exploits2References2
Rows per page
Query Builder