32 matches found
Inefficient Algorithmic Complexity
Overview Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity involved in processing ExtensionData property data. An attacker can trigger denial of service by passing malicious JSON input to a model that uses this property. Remediation Upgrade System.Text.Json to...
Denial Of Services (DoS)
mjson is vulnerable to Denial Of Services DoS. The vulnerability exists due to a lack of nested depth checks in Json.java, which allows an attacker to cause an application crash by passing a maliciously crafted JSON string...
CVE-2023-33394
skycaiji v2.5.4 is vulnerable to Cross Site Scripting XSS. Attackers can achieve backend XSS by deploying malicious JSON data...
Deserialization of Untrusted Data
Amendment This was deemed not a vulnerability. Overview com.jsoniter:jsoniter is a jsoniter json-iterator is fast and flexible JSON parser. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via malicious JSON strings. This may lead to a Denial of Service, and i...
GO-2021-0076 Out-of-bounds write in github.com/evanphx/json-patch
A malicious JSON patch can cause a panic due to an out-of-bounds write attempt. This can be used as a denial of service vector if exposed to arbitrary user input...
Remote Code Execution (RCE)
slanger is vulnerable to remote code execution RCE. An unsafe deserialization of Ruby objects allows remote attackers to execute arbitrary code using a malicious JSON containing arbitrary object of various classes...
GHSA-RFX6-VP9G-RH7V jackson-databind vulnerable to remote code execution due to incorrect deserialization and blocklist bypass
FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper,...
Design/Logic Flaw
FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of th...
payara -- Default typing issue in Jackson Databind
FasterXML jackson-databind before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper,...
Code injection
An exploitable unhandled exception vulnerability exists in multiple APIs of CPP-Ethereum JSON-RPC. Specially crafted JSON requests can cause an unhandled exception resulting in denial of service. An attacker can send malicious JSON to trigger this vulnerability...
CVE-2017-12119
An exploitable unhandled exception vulnerability exists in multiple APIs of CPP-Ethereum JSON-RPC. Specially crafted JSON requests can cause an unhandled exception resulting in denial of service. An attacker can send malicious JSON to trigger this vulnerability...
CVE-2017-12119
An exploitable unhandled exception vulnerability exists in multiple APIs of CPP-Ethereum JSON-RPC. Specially crafted JSON requests can cause an unhandled exception resulting in denial of service. An attacker can send malicious JSON to trigger this vulnerability...