22 matches found
MongoDB PHP Driver Security Vulnerability
The MongoDB PHP Driver is an open-source driver developed by MongoDB for PHP applications, enabling connection to MongoDB databases. The MongoDB PHP Driver has a security vulnerability that stems from a stack overflow issue when processing deeply nested BSON documents, which may lead to applicati...
GHSA-HX9Q-6W63-J58V orjson does not limit recursion for deeply nested JSON documents
The orjson.dumps function in orjson before 3.11.6 does not limit recursion for deeply nested JSON documents...
PT-2026-3955
Name of the Vulnerable Software and Affected Versions: orjson versions through 3.11.4. Description: The orjson.dumps function does not limit recursion when processing deeply nested JSON documents. This can lead to a denial of service. Recommendations: Update to a version of orjson newer than 3.11.4...
EUVD-2024-0130
Malicious code in bioql PyPI...
EUVD-2023-0618
Malicious code in bioql PyPI...
CVE-2023-7272
A flaw was found in Eclipse Parsson. A document containing a large depth of nested objects may allow an attacker to cause a Java stack overflow exception, potentially leading to a denial of service...
Eclipse Parsson stack overflow when parsing deeply nested input
In Eclipse Parsson before 1.0.4 and 1.1.3, a document with a large depth of nested objects can allow an attacker to cause a Java stack overflow exception and denial of service. Eclipse Parsson allows processing e.g. parse, generate, transform and query JSON documents...
CVE-2023-7272 Eclipse Parsson stack overflow with deeply nested objects
In Eclipse Parsson before 1.0.4 and 1.1.3, a document with a large depth of nested objects can allow an attacker to cause a Java stack overflow exception and denial of service. Eclipse Parsson allows processing e.g. parse, generate, transform and query JSON documents...
CVE-2023-7272
CVE-2023-7272 affects Eclipse Parsson prior to 1.0.4 and 1.1.3, where parsing JSON documents with a deeply nested structure can trigger a Java stack overflow and denial of service. The root cause is extremely nested object depth in JSON processing (parse/generate/transform/query). The CVSS base s...
Fedora: Security Advisory for jakarta-json (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
Denial Of Service (DoS)
orjson is vulnerable to Denial Of Service. The vulnerability is due to the lack of recursion depth limits during parsing, which allows attackers to potentially cause denial of service by supplying deeply nested JSON documents...
CVE-2024-27454
orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents...
Design/Logic Flaw
orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents...
CVE-2023-45822 Unsafe rego built-in allowed in Artifact Hub
Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which a default unsafe rego built-in was allowed to be used when...
GHSA-P8P6-RCP6-4MRM Uncontrolled Recursion in Play Framework
In Play Framework 2.6.0 through 2.8.2, stack consumption can occur because of unbounded recursion during parsing of crafted JSON documents...
Azure Policies
Welcome back to Part Two of our four-part Blueprint Series. Today's post covers the use of Azure Policies within a Blueprint deployment along with ARM templates and permissions management. Azure Policies are the critical component of Azure Blueprints. Policies, like ARM Templates, are JSON...
MGASA-2020-0186 Updated ruby-json packages fix security vulnerability
Updated ruby-json packages fix security vulnerability: In ruby-json before 2.3.0, there is an unsafe object creation vulnerability. When parsing certain JSON documents, the json gem can be coerced into creating arbitrary objects in the target system CVE-2020-10663...
Updated ruby-json packages fix security vulnerability
Updated ruby-json packages fix security vulnerability: In ruby-json before 2.3.0, there is an unsafe object creation vulnerability. When parsing certain JSON documents, the json gem can be coerced into creating arbitrary objects in the target system CVE-2020-10663...