VulnCheck KEV: CVE-2020-7961
Liferay Portal contains a deserialization of untrusted data vulnerability that allows remote attackers to execute code via JSON web services...
QuantConnect Lean Code Issue Vulnerability
QuantConnect Lean is a cross-platform algorithmic trading engine for strategy research, backtesting and real-time trading based on the C language from QuantConnect. A security vulnerability exists in QuantConnect Lean versions 2.3.0.0 through 2.4.0.1, which stems from a failure to securely...
F5 BIG-IP ASM Resource Management Error Vulnerability
F5 BIG-IP ASM is a Web Application Firewall (WAF) from F5 USA that provides secure remote access, protects email, and simplifies Web access control while enhancing network and application performance. A denial of service vulnerability exists in F5 BIG-IP ASM, which can be exploited by an attacker t...
CVE-2020-16240
GE Digital APM Classic, Versions 4.4 and prior. An insecure direct object reference (IDOR) vulnerability allows user account data to be downloaded in JavaScript object notation (JSON) format by users who should not have access to such functionality. An attacker can download sensitive data related to...
DEBIAN-CVE-2020-15366
An issue was discovered in ajv.validate in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. While untrusted schemas are recommended against, the worst case of an untrusted schema should be a...
CVE-2020-12417
Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. Note: this issue only affects Firefox on ARM64 platforms. This vulnerability affects Firefox ESR 68.10, Firefox 78, and...
Redash Code Issues Vulnerabilities
Redash is a set of data integration and analysis solutions from Redash Israel. The product supports data integration, data visualization, query editing and data sharing. A code issue vulnerability exists in the 'JSON' data source in Redash open-source 8.0.0 and prior versions, which arises from...
Validation Bypass in schema-inspector
In schema-inspector before 1.6.9, a maliciously crafted JavaScript object can bypass the sanitize and the validate function used within schema-inspector...
GHSA-R24H-634P-M72X Validation Bypass in schema-inspector
In schema-inspector before 1.6.9, a maliciously crafted JavaScript object can bypass the sanitize and the validate function used within schema-inspector...
thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol
In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when fed with invalid input data...
DEBIAN-CVE-2020-10663
The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsi...
CVE-2019-10805
valib through 2.0.0 allows Internal Property Tampering. A maliciously crafted JavaScript object can bypass several inspection functions provided by valib. Valib uses a built-in function hasOwnProperty from the unsafe user-input to examine an object. It is possible for a crafted payload to overwri...
PYSEC-2020-156
flaskparser.py in Webargs 5.x through 5.5.2 doesn't check that the Content-Type header is application/json when receiving JSON input. If the request body is valid JSON, it will accept it even if the content type is application/x-www-form-urlencoded. This allows for JSON POST requests to be made...
CVE-2019-10781
In schema-inspector before 1.6.9, a maliciously crafted JavaScript object can bypass the sanitize and the validate function used within schema-inspector...
Code injection
In schema-inspector before 1.6.9, a maliciously crafted JavaScript object can bypass the sanitize and the validate function used within schema-inspector...
CVE-2019-10781
Schema-inspector (JS package) is affected by CVE-2019-10781 through versions before 1.6.9. A specially crafted JavaScript object can bypass sanitize() and validate(), enabling information exposure and potential property tampering. The root cause is the bypass of input sanitisation/validation with...