nodejs-json-schema: Prototype pollution vulnerability

The json-schema Node.JS library was vulnerable to prototype pollution during the validation of a JSON object. An attacker, able to provide a specially crafted JSON file for validation, could use this flaw to modify the behavior of the node program, to, for example, execute arbitrary code...

The vulnerability of the Xstream Java library for converting objects into XML or JSON formats, related to improper code generation management, allows attackers to execute commands on the host.

The vulnerability of the Xstream Java library for converting objects into XML or JSON formats is related to improper handling of code generation. Exploiting this vulnerability allows an attacker to execute commands on the host by manipulating the processed input data...

The vulnerability of the Xstream Java library for converting objects into XML or JSON formats allows a hacker to cause a service failure due to uncontrolled resource consumption.

The vulnerability of the Xstream Java library for converting objects into XML or JSON formats is related to an uncontrolled resource consumption. Exploiting this vulnerability may allow a malicious actor to cause a service failure by consuming excessive resources on the central processor...

The vulnerability of the Xstream Java library for converting objects into XML or JSON formats allows attackers to download files of dangerous types indefinitely. This enables attackers to upload and execute arbitrary code from a remote host.

The vulnerability of the Xstream Java library for converting objects into XML or JSON formats is related to the ability to download files of a dangerous type without limitation. Exploiting this vulnerability could allow an attacker to download and execute arbitrary code from a remote host by...

CVE-2021-33728

A vulnerability has been identified in SINEC NMS All versions V1.0 SP2 Update 1. The affected system allows to upload JSON objects that are deserialized to JAVA objects. Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could exploit this...

PT-2021-7265 · Unknown +9 · Json-Schema +9

Name of the Vulnerable Software and Affected Versions: json-schema versions prior to 0.4.0 Description: The issue is related to the improper control of modification of object prototype attributes, also known as 'Prototype Pollution'. This can occur when processing JSON files, potentially allowing...

Phoenix Contact PLCnext Control Devices 输入验证错误漏洞

Phoenix Contact PLCnext Control Devices is a programmable logic controller for industrial environments from Phoenix Contact, Germany. An input validation error vulnerability exists in Phoenix Contact PLCnext Control Devices prior to version 2021.0.5LTS, which stems from the control device being...

Axios Systems Assyst 代码问题漏洞

Axios Systems Assyst is an off-the-shelf application from UK-based Axios Systems for managing IT services without the complexity and overhead associated with ITSM platforms such as ServiceNow and BMC Remedy. Axios Systems Assyst version 10 SP7.5 suffers from a security vulnerability that stems fr...

CVE-2021-23028

On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, and 13.1.x before 13.1.4, when JSON content profiles are configured for URLs as part of an F5 Advanced Web Application Firewall WAF/BIG-IP ASM security policy and applied to a virtual server, undisclosed requests m...

CVE-2021-26605

An improper input validation vulnerability in the service of ezPDFReader allows attacker to execute arbitrary command. This issue occurred when the ezPDF launcher received and executed crafted input values through JSON-RPC communication...

MISP 跨站脚本漏洞

MISP is an open source software solution. The product is used to collect, store, distribute, and share network security metrics, and has features such as threat network security event analysis and malware analysis. A cross-site scripting vulnerability exists in MISP, which stems from...

Apache CXF 资源管理错误漏洞

Apache CXF is the United States Apache Apache Foundation's an open source Web services framework. The framework supports multiple Web service standards, multiple front-end programming APIs, etc. Apache CXF has a resource management error vulnerability that can be exploited by an attacker to submi...

GHSA-8H2J-CGX8-6XV7 Cross-Site Request Forgery (CSRF) in FastAPI

Impact FastAPI versions lower than 0.65.2 that used cookies for authentication in path operations that received JSON payloads sent by browsers were vulnerable to a Cross-Site Request Forgery CSRF attack. In versions lower than 0.65.2, FastAPI would try to read the request payload as JSON even if...

The vulnerability of the data structure saving function in the OpenCV library, which is used for computer vision, image processing, and general numerical algorithms, allows a hacker to execute arbitrary code.

The vulnerability of the data structure saving function in the OpenCV library, which is used for computer vision, image processing, and general numerical algorithms, relates to the execution of operations outside of the buffer in memory. Exploiting this vulnerability could allow a malicious actor...

WordPress 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress Goto WordPress theme prior to version 2.1,...

GHSA-8RF5-92JH-3VC9 Uncaught Exception leading to Denial of Service in json-sanitizer

OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. This may lead to denial of service if the application is not prepared to handle these situations...

Bryan Davis analytics-quarry-web 跨站脚本漏洞

Wikimedia Quarry analytics-quarry-web is an open source application. Wikimedia Quarry analytics-quarry-web is vulnerable to a cross-site scripting vulnerability. The vulnerability stems from the fact that app.py does not explicitly set the application json content type. No details of the...

GHSA-FJQ3-5PXW-4WJ4 Cross-Site Request Forgery in Webargs

flaskparser.py in Webargs 5.x through 5.5.2 doesn't check that the Content-Type header is application/json when receiving JSON input. If the request body is valid JSON, it will accept it even if the content type is application/x-www-form-urlencoded. This allows for JSON POST requests to be made...

Npm is-my-json-valid 资源管理错误漏洞

Npm is-my-json-valid is an application of the United States Npm . A JSONSchema is very fast to validate using a code generation mechanism. A resource management error vulnerability exists in is-my-json-valid, which stems from the use of an inefficient regular expression to validate a JSON field...

VulnCheck KEV: CVE-2020-7961

Liferay Portal contains a deserialization of untrusted data vulnerability that allows remote attackers to execute code via JSON web services...