12 matches found

RedhatCVE
added 2026/04/14 6:12 p.m. · 1 views

CVE-2026-40164

A flaw was found in jq, a command-line JSON processor. A remote attacker could exploit this vulnerability by providing a specially crafted JSON object. This object leverages a weakness in jq's hashing algorithm, which uses a hardcoded, publicly known seed. By crafting the JSON object to cause has...

CVSS 7.5 · AI score 5.7 · EPSS 0.00024
Exploits 0 · References 5
Tenable Nessus
added 2025/09/18 12:0 a.m. · 6 views

Fedora 42 : perl-Cpanel-JSON-XS (2025-f4f4dae8f2)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-f4f4dae8f2 advisory. This update fixes an issue where a specially-crafted JSON input could cause an integer overflow leading to a crash in the program parsing the JSON...

CVSS 5.6 · AI score 5.5 · EPSS 0.00092
Exploits 0 · References 2
Snyk
added 2025/04/14 9:32 p.m. · 2 views

Stack-based Buffer Overflow

Overview: Affected versions of this package are vulnerable to Stack-based Buffer Overflow through the apply function in org/jsonschema2pojo/rules/SchemaRule.java. An attacker can execute arbitrary code or cause denial of service by manipulating the JSON file input to trigger a stack-based buffer...

CVSS 5.3 · AI score 7.8 · EPSS 0.00149
Exploits 0 · References 2
RedHat Linux
added 2025/04/02 4:48 p.m. · 3 views

json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370)

A flaw was found in the JSON-smart library. In affected versions, specially crafted JSON input may trigger stack exhaustion, potentially leading to an application crash or denial of service. This issue exists due to an incomplete fix for CVE-2023-1370...

CVSS 7.5 · AI score 7.1 · EPSS 0.00058
Exploits 1 · References 6
OSV
added 2025/02/06 6:31 a.m. · 1 views

GHSA-PQ2G-WX69-C263 Netplex Json-smart Uncontrolled Recursion vulnerability

A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input, containing a large number of ’’, a stack exhaustion can be triggered, which could allow an attacker to cause a Denial of Service (DoS). This issue exists because of an incomplete fix for...

CVSS 7.5 · AI score 6.7 · EPSS 0.00058
Exploits 1 · References 8
OSV
added 2025/02/05 10:15 p.m. · 2 views

UBUNTU-CVE-2024-57699

A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input, containing a large number of ’’, a stack exhaustion can be triggered, which could allow an attacker to cause a Denial of Service (DoS). This issue exists because of an incomplete fix for...

CVSS 7.5 · AI score 6.6 · EPSS 0.00058
Exploits 1 · References 4
OSV
added 2022/05/25 12:0 a.m. · 31 views

GHSA-C9GM-7RFJ-8W5H Duplicate Advisory: ReDoS via crafted JSON input in GJSON

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-ppj4-34rq-v8j9. This link is maintained to preserve external references. Original Description: GJSON = 1.9.2 allows attackers to cause a ReDoS via crafted JSON input...

CVSS 7.5 · AI score 7.3 · EPSS 0.00161
Exploits 1 · References 7
Prion
added 2022/05/24 3:15 p.m. · 15 views

Input validation

GJSON = 1.9.2 allows attackers to cause a ReDoS via crafted JSON input...

CVSS 5 · AI score 7.4
Exploits 0 · References 1 · Affected Software 1
Veracode
added 2021/10/25 3:25 p.m. · 23 views

Denial Of Service (DoS)

github.com/tidwall/gjson is vulnerable to denial of service (DoS) attacks. The vulnerability exists due to improper handling of long-running matches in 'parseObject' in 'gjson.go', allowing a malicious user to cause an application crash via a crafted JSON input...

CVSS 7.5 · AI score 2.2 · EPSS 0.00161
Exploits 1 · References 5 · Affected Software 1
Positive Technologies
added 2021/01/05 12:0 a.m. · 1 views

PT-2021-3184 · Gjson · Gjson

Name of the Vulnerable Software and Affected Versions: GJSON versions prior to 1.6.5. Description: The issue is related to an uncontrolled resource consumption in the GJSON library, which can be exploited by a remote attacker using a specially crafted JSON request to cause a denial of service. A...

CVSS 7.5 · AI score 7.3 · EPSS 0.00202
Exploits 1 · References 17
RedhatCVE
added 2019/10/10 12:9 a.m. · 23 views

CVE-2019-1002100

A denial of service vulnerability was found in the Kubernetes API server. A remote user, with authorization to apply patches, could exploit this via crafted JSON input, causing excessive consumption of resources and subsequent denial of service. Mitigation: Remove ‘patch’ permissions from untruste...

CVSS 6.5 · AI score 4.1 · EPSS 0.02677
Exploits 0 · References 4
UbuntuCve
added 2018/01/10 6:29 p.m. · 49 views

CVE-2017-17485

FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper,...

CVSS 9.8 · AI score 7.5 · EPSS 0.84949
Exploits 1 · References 2