Lucene search
K

10 matches found

RedhatCVE
RedhatCVE
added 2026/06/03 11:40 a.m.10 views

CVE-2026-9334

A flaw was found in perl-Cpanel-JSON-XS. This vulnerability allows a remote attacker to cause a denial of service DoS by providing specially crafted JSON input with duplicate object keys. When the dupkeysasarrayref option is enabled, the decodehv function incorrectly processes the input, leading ...

7.3CVSS5.8AI score0.00263EPSS
Exploits0References2
NVD
NVD
added 2026/06/03 1:16 a.m.16 views

CVE-2026-9334

Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeysasarrayref is enabled. decodehv collapses duplicate object keys into an array reference under dupkeysasarrayref. The branch reached for a duplicate key tests SvTYPE oldvalue != SVtRV && SvTYP...

7.3CVSS0.00263EPSS
Exploits0References3
OSV
OSV
added 2026/06/03 1:16 a.m.8 views

UBUNTU-CVE-2026-9334

Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeysasarrayref is enabled. decodehv collapses duplicate object keys into an array reference under dupkeysasarrayref. The branch reached for a duplicate key tests SvTYPE oldvalue != SVtRV && SvTYP...

7.3CVSS5.2AI score0.00263EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/03 12:15 a.m.10 views

CVE-2026-9334 Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeys_as_arrayref is enabled

Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeysasarrayref is enabled. decodehv collapses duplicate object keys into an array reference under dupkeysasarrayref. The branch reached for a duplicate key tests SvTYPE oldvalue != SVtRV && SvTYP...

5.8AI score0.00263EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/03 12:15 a.m.8 views

CVE-2026-9334

Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeysasarrayref is enabled. decodehv collapses duplicate object keys into an array reference under dupkeysasarrayref. The branch reached for a duplicate key tests SvTYPE oldvalue != SVtRV && SvTYP...

5.8AI score0.00263EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/03 12:15 a.m.13 views

EUVD-2026-34060

Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeysasarrayref is enabled. decodehv collapses duplicate object keys into an array reference under dupkeysasarrayref. The branch reached for a duplicate key tests SvTYPE oldvalue != SVtRV && SvTYP...

7.3CVSS5.8AI score0.00263EPSS
Exploits0References2
CVE
CVE
added 2026/06/03 12:15 a.m.27 views

CVE-2026-9334

Cpanel::JSON::XS (Perl) is affected by a type-confusion issue in decode_hv() for versions before 4.41 when dupkeys_as_arrayref is enabled. The code tests duplicate keys by evaluating SvTYPE (old_value) != SVt_RV && SvTYPE (SvRV (old_value)) != SVt_PVAV, which dereferences a value via SvRV(old_val...

7.3CVSS5.8AI score0.00263EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/06/03 12:0 a.m.8 views

Cpanel::JSON::XS 安全漏洞

Cpanel::JSON::XS is a tool developed by RURBAN for converting Perl data structures into JSON format. Versions of Cpanel::JSON::XS prior to version 4.41 contained security vulnerabilities. These vulnerabilities stemmed from the use of dupkeysasarrayref, which led to type confusion when repeated...

7.3CVSS5.3AI score0.00263EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.14 views

PT-2026-45891

Name of the Vulnerable Software and Affected Versions Cpanel::JSON::XS versions prior to 4.41 Description Type confusion occurs when dupkeys as arrayref is enabled, allowing duplicate object keys to cause a crash. The decode hv function collapses duplicate keys into an array reference; however, i...

7.3CVSS5.5AI score0.00263EPSS
Exploits0References23
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/02/03 9:1 a.m.3 views

Malicious code in arrayref (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 173d873a752e33bfa5cdeb3ccefd21028e662401f7fb6fa22831d99eb490c3cb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
Rows per page
Query Builder