144 matches found
Design/Logic Flaw
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...
UBUNTU-CVE-2024-24786
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...
CVE-2024-24786 Infinite loop in JSON unmarshaling in google.golang.org/protobuf
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...
GO-2024-2611 Infinite loop in JSON unmarshaling in google.golang.org/protobuf
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...
Google Go Security Vulnerability
Google Go is a static strongly-typed, compiled, concatenated, and garbage-collected programming language from Google. A security vulnerability exists in Google Go, which stems from the fact that the protojson.Unmarshal function may enter an infinite loop when parsing certain invalid JSON...
PT-2024-3764
Name of the Vulnerable Software and Affected Versions golang-google-protobuf affected versions not specified Description The issue is related to the protojson.Unmarshal function in the golang-google-protobuf package, which can enter an infinite loop when unmarshaling certain forms of invalid JSON...
CVE-2022-45143
A flaw was found in the Tomcat package. This flaw allowed users to input an invalid JSON structure, causing unwanted behavior as it did not escape the type, message, or description values...
fastest-json-copy 安全漏洞
fastest-json-copy is a library by Vadim Dalecky personal developer . It is used for JSON deep cloning implementations. A security vulnerability exists in fastest-json-copy version 1.0.1, which stems from an application not properly validating incoming JSON keys...
Uncaught Exception leading to Denial of Service in json-sanitizer
OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. This may lead to denial of service if the application is not prepared to handle these situations...
Owasp Json-sanitizer Input Validation Error Vulnerability
Owasp Json-sanitizer is the Owasp Foundation of a Java-based Json can be based on the text content similar to the Json code library to generate data in Json format . An input validation error vulnerability exists in OWASP JSON -sanitizer prior to version 1.2.2, which stems from the fact that a...
CVE-2021-23900
The CVE-2021-23900 entry concerns OWASP json-sanitizer before 1.2.2, where crafted input can cause invalid JSON output or an undeclared exception, potentially leading to DoS. Connected sources (Red Hat, GHSA, OSV, CNVD, CVE listings) confirm the same core issue affecting json-sanitizer prior to 1...
GHSA-4MP3-385R-V63F Denial of service attack due to invalid JSON
Impact A denial of service attack against Matrix clients can be exploited by sending an event including invalid JSON data to Synapse. Synapse would relay the data to clients which could crash or hang. Impact is long-lasting if the event is made part of the room state. Patches At a minimum 8106 an...
Denial of service attack due to invalid JSON
Impact A denial of service attack against Matrix clients can be exploited by sending an event including invalid JSON data to Synapse. Synapse would relay the data to clients which could crash or hang. Impact is long-lasting if the event is made part of the room state. Patches At a minimum 8106 an...
Apache Mesos libprocess Denial of Service Vulnerability
Apache Mesos is the United States Apache Apache Software Foundation of a set of support for Hadoop, ElasticSearch and Spark and other application architectures of open source cluster management software. libprocess is one of the underlying network communication libraries . A security vulnerabilit...
ALPINE-CVE-2017-15098
Invalid jsonpopulaterecordset or jsonbpopulaterecordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can crash the server or disclose a few bytes of server memory...
Denial Of Service (DoS)
github.com/kubernetes/kubernetes is vulnerable to denial of service attacks. These attacks can be triggered by invalid JSON data. The invalid JSON data causes github.com/kubernetes/kubernetes to panic and cause a nil pointer dereference causing the master process to crash. This is related to...
DEBIAN-CVE-2016-5705
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 server-privileges certificate data fields on the user privileges page, 2 an "invalid JSON" error messa...
UBUNTU-CVE-2016-5705
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 server-privileges certificate data fields on the user privileges page, 2 an "invalid JSON" error messa...
CVE-2016-5705
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 server-privileges certificate data fields on the user privileges page, 2 an "invalid JSON" error messa...
CVE-2011-2532
The json.decode function in util/json.lua in Prosody 0.8.x before 0.8.1 might allow remote attackers to cause a denial of service infinite loop via invalid JSON data, as demonstrated by truncated data...