511 matches found
PT-2025-21811 · Mozilla +1 · Firefox +1
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 138.0.4; Firefox ESR versions prior to 128.10.1. Description: An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. Recommendations: For Firefox versions...
Mozilla Firefox < 138.0.4
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 138.0.4. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-36 advisory. - An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array...
Mozilla Firefox ESR < 115.23.1
The version of Firefox ESR installed on the remote Windows host is prior to 115.23.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-38 advisory. - An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index...
jettison: parser crash by stackoverflow
A stack-based buffer overflow vulnerability was found in Jettison, where parsing untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input,...
Prototype Pollution
tarteaucitron.js is vulnerable to prototype pollution. The vulnerability is due to improper input validation in the addOrUpdate function within the file tarteaucitron.js, which allowed manipulation of JavaScript object prototypes...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the field label or handle during the import process from JSON. An attacker can execute arbitrary scripts in the context of the interface by inserting malicious content into these fields. Note: This is only...
MISP Security Vulnerability
MISP is an open source software solution from MISP Open Source. The product is used to collect, store, distribute, and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. A security vulnerability exists in MISP versions prior to 2.4.193...
PYSEC-2025-83
A directory traversal vulnerability exists in modelscope/agentscope version 0.0.4. An attacker can exploit this vulnerability to read any local JSON file by sending a crafted POST request to the /read-examples endpoint...
Python JSON Logger Security Vulnerability
Python JSON Logger is a JSON formatting tool for Python logs by the individual developer Nicholas Hairs. A security vulnerability exists in Python JSON Logger versions prior to 3.3.0, which stems from a missing dependency that could lead to remote code execution...
Distribution Security Vulnerability
Distribution is Distribution's open source toolset for packaging, shipping, storing and delivering content. A security vulnerability exists in Distribution versions 3.0.0-beta.1 through 3.0.0-rc.2, which stems from a vulnerability that allows an attacker to inject an untrusted signing key into a...
Azure Linux 3.0 Security Update: cert-manager / containerized-data-importer / cri-o / dcos-cli / keda / kubernetes (CVE-2024-28180)
The version of cert-manager / containerized-data-importer / cri-o / dcos-cli / keda / kubernetes installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-28180 advisory. - Package jose aims to provide an...
DEBIAN-CVE-2024-57699
A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input, containing a large number of ’’, a stack exhaustion can be triggered, which could allow an attacker to cause a Denial of Service (DoS). This issue exists because of an incomplete fix for...
frozen Code Issue Vulnerability
frozen is an open source JSON parser and generator for C/C++ from Cesanta Software. A code issue exists in frozen versions prior to 1.7, which is caused by a null pointer dereference. An attacker exploiting this vulnerability could trigger a crash of a component embedded in the library by providi...
firefox: Compartment mismatch when parsing JavaScript JSON module
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free...
Prototype pollution in jsii.configureCategories
Summary: jsii is a TypeScript to JavaScript compiler that also extracts an interface definition manifest to generate RPC stubs in various programming languages. jsii is typically used as a command-line tool, but it can also be loaded as a library. When loaded as a library into a larger application...
CVE-2020-26310 GHSL-2020-305: Regular Expression Denial of Service (ReDoS) in Pure JavaScript HTML5 Parser
Validate.js provides a declarative way of validating JavaScript objects. All versions as of 30 November 2020 contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, it is unknown if any patches are available...
OESA-2024-2228 json-lib security update
JSON-lib is a Java library for transforming beans, maps, collections, Java arrays and XML to JSON and back again to beans and DynaBeans. Security Fixes: util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string. CVE-2024-47855...
UBUNTU-CVE-2024-47855
util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string...
SUSE CVE-2022-45688
A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data...
Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilities in Dojo version 1.16.2
Summary: A vulnerability has been identified in Dojo version 1.16.2 (Prototype Pollution), which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details: CVEID: CVE-2020-5258 DESCRIPTION: Do...