358 matches found
GHSA-W942-GW6M-P62C Denial of service in GJSON
GJSON before 1.6.4 allows attackers to cause a denial of service via crafted JSON. Due to improper bounds checking, maliciously crafted JSON objects can cause an out-of-bounds panic. If parsing user input, this may be used as a denial of service vector...
CVE-2020-28593
A unauthenticated backdoor exists in the configuration server functionality of Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability...
PT-2021-11563 · Cosori · Cosori Smart 5.8-Quart Air Fryer Cs158-Af
Name of the Vulnerable Software and Affected Versions: Cosori Smart 5.8-Quart Air Fryer CS158-AF version 1.1.0 Description: A backdoor exists in the configuration server functionality, allowing for code execution through a specially crafted JSON object. An attacker can send a malicious packet to...
CVE-2020-28899
The Web CGI Script on ZyXEL LTE4506-M606 V1.00ABDO.2C0 devices does not require authentication, which allows remote unauthenticated attackers via crafted JSON action data to /cgi-bin/gui.cgi to use all features provided by the router. Examples: change the router password, retrieve the Wi-Fi...
nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function
A flaw was found in nodejs-ajv. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code...
nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function
A flaw was found in nodejs-ajv. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code...
nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function
A flaw was found in nodejs-ajv. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code...
nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function
A flaw was found in nodejs-ajv. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code...
CVE-2020-36066
GJSON 1.6.5 allows attackers to cause a denial of service remote via crafted JSON...
CVE-2020-36066
GJSON 1.6.5 allows attackers to cause a denial of service remote via crafted JSON...
CVE-2020-36066
GJSON 1.6.5 allows attackers to cause a denial of service remote via crafted JSON...
UBUNTU-CVE-2020-36066
GJSON 1.6.5 allows attackers to cause a denial of service remote via crafted JSON...
CVE-2020-36066
GJSON 1.6.5 allows attackers to cause a denial of service remote via crafted JSON...
CVE-2020-36066
GJSON 1.6.5 allows attackers to cause a denial of service remote via crafted JSON...
Tidwall Gjson 安全漏洞
GJSON is a Go package that provides a fast and easy way to get values from json documents. A denial of service vulnerability exists in GJSON versions prior to 1.6.5. An attacker can exploit this vulnerability to cause a denial of service via specially crafted JSON...
PT-2021-3184 · Gjson · Gjson
Name of the Vulnerable Software and Affected Versions: GJSON versions prior to 1.6.5 Description: The issue is related to an uncontrolled resource consumption in the GJSON library, which can be exploited by a remote attacker using a specially crafted JSON request to cause a denial of service. A...
DEBIAN-CVE-2020-35380
GJSON before 1.6.4 allows attackers to cause a denial of service via crafted JSON...
CVE-2020-35380
GJSON before 1.6.4 allows attackers to cause a denial of service via crafted JSON...
UBUNTU-CVE-2020-35380
GJSON before 1.6.4 allows attackers to cause a denial of service via crafted JSON...
CVE-2020-35380
GJSON (tidwall/gjson) vulnerable to denial of service due to crafted JSON; root cause is improper bounds checking leading to a panic. Affected versions are before 1.6.4; patch is to upgrade to 1.6.4 or newer. Impact is DoS (service disruption) without explicit remote code execution details in the...