10 matches found
CVE-2026-9334
A flaw was found in perl-Cpanel-JSON-XS. This vulnerability allows a remote attacker to cause a denial of service DoS by providing specially crafted JSON input with duplicate object keys. When the dupkeysasarrayref option is enabled, the decodehv function incorrectly processes the input, leading ...
CVE-2026-9334
Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeysasarrayref is enabled. decodehv collapses duplicate object keys into an array reference under dupkeysasarrayref. The branch reached for a duplicate key tests SvTYPE oldvalue != SVtRV && SvTYP...
UBUNTU-CVE-2026-9334
Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeysasarrayref is enabled. decodehv collapses duplicate object keys into an array reference under dupkeysasarrayref. The branch reached for a duplicate key tests SvTYPE oldvalue != SVtRV && SvTYP...
CVE-2026-9334 Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeys_as_arrayref is enabled
Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeysasarrayref is enabled. decodehv collapses duplicate object keys into an array reference under dupkeysasarrayref. The branch reached for a duplicate key tests SvTYPE oldvalue != SVtRV && SvTYP...
CVE-2026-9334
Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeysasarrayref is enabled. decodehv collapses duplicate object keys into an array reference under dupkeysasarrayref. The branch reached for a duplicate key tests SvTYPE oldvalue != SVtRV && SvTYP...
EUVD-2026-34060
Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeysasarrayref is enabled. decodehv collapses duplicate object keys into an array reference under dupkeysasarrayref. The branch reached for a duplicate key tests SvTYPE oldvalue != SVtRV && SvTYP...
CVE-2026-9334
Cpanel::JSON::XS (Perl) is affected by a type-confusion issue in decode_hv() for versions before 4.41 when dupkeys_as_arrayref is enabled. The code tests duplicate keys by evaluating SvTYPE (old_value) != SVt_RV && SvTYPE (SvRV (old_value)) != SVt_PVAV, which dereferences a value via SvRV(old_val...
Cpanel::JSON::XS 安全漏洞
Cpanel::JSON::XS is a tool developed by RURBAN for converting Perl data structures into JSON format. Versions of Cpanel::JSON::XS prior to version 4.41 contained security vulnerabilities. These vulnerabilities stemmed from the use of dupkeysasarrayref, which led to type confusion when repeated...
PT-2026-45891
Name of the Vulnerable Software and Affected Versions Cpanel::JSON::XS versions prior to 4.41 Description Type confusion occurs when dupkeys as arrayref is enabled, allowing duplicate object keys to cause a crash. The decode hv function collapses duplicate keys into an array reference; however, i...
Malicious code in arrayref (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 173d873a752e33bfa5cdeb3ccefd21028e662401f7fb6fa22831d99eb490c3cb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...