302 matches found
[SECURITY] Fedora 31 Update: golang-github-buger-jsonparser-0-0.8.20200406gitf7e751e.fc31
Alternative JSON parser for Go. It does not require you to know the structure of the payload (e.g., create structs), and allows accessing fields by providing the path to them. It is up to 10 times faster than the standard encoding/json package depending on payload size and usage, allocates no memory...
CVE-2020-1892
Insufficient boundary checks when decoding JSON in JSONparser allows read access to out of bounds memory, potentially leading to information leak and DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 inclusive, versions between...
CVE-2018-11793
When parsing a JSON payload with deeply nested JSON structures, the parser in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.1, 1.6.0 to 1.6.1, and 1.7.0 might overflow the stack due to unbounded recursion. A malicious actor can therefore cause a denial of service of Mesos masters...
GHSA-P2XQ-VCM7-XJJ6 Stack Overflow in Apache Mesos
When parsing a JSON payload with deeply nested JSON structures, the parser in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.1, 1.6.0 to 1.6.1, and 1.7.0 might overflow the stack due to unbounded recursion. A malicious actor can therefore cause a denial of service of Mesos masters...
Code injection
Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service (resource consumption) because of Algorithmic Complexity during the parsing of many JSON object fields with keys that have the same hash code...
Dave Gamble cJSON Denial of Service Vulnerability
Dave Gamble cJSON is a lightweight JSON format parser. A security vulnerability exists in the cJSON library in Dave Gamble cJSON 1.7.6 and earlier versions. An attacker can exploit this vulnerability to cause a denial of service (memory leak)...
Hashicorp Consul Remote Command Execution via Services API
This module exploits Hashicorp Consul's services API to gain remote command execution on Consul nodes. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Hashicorp Consul Remote Command Execution...
Monero: Stack Overflow in JSON RPC Server
Summary: There is a stack overflow bug in jsonparser when parsing nesting objects. Description: Monero's json parser handled by epee libraries doesn't check object tree depth while parsing. Steps To Reproduce: Up the service (bash): monerod. Run (bash): python2 poc.py. Backtrace: SUMMARY: AddressSanitizer:...
CppCMS Denial of Service Vulnerability
CppCMS is a free rapid web development framework written mainly in C++. The JSON parser is one of its modules. A security vulnerability exists in the JSON parser module in CppCMS versions before 1.2.1. An attacker can exploit this vulnerability to cause a denia...
CVE-2018-11367
An issue was discovered in CppCMS before 1.2.1. There is a denial of service in the JSON parser module...
Design/Logic Flaw
An issue was discovered in CppCMS before 1.2.1. There is a denial of service in the JSON parser module...
CVE-2018-11367
CppCMS prior to 1.2.1 contains a denial-of-service vulnerability in the JSON parser module. Affected component: the JSON parser in CppCMS; affected versions are those before 1.2.1. The issue is documented across multiple sources (e.g., CVE-2018-11367). Practical impact is DoS via crafted JSON inp...
GitStack Unsanitized Argument RCE
This module exploits a remote code execution vulnerability that exists in GitStack through v2.3.10, caused by an unsanitized argument being passed to an exec function call. This module has been tested on GitStack v2.3.10. This module requires Metasploit: https://metasploit.com/download Current...
The vulnerability of the CouchDB database management system stems from differences in how JSON parsers based on Erlang and JavaScript operate. This allows a hacker to execute arbitrary shell commands on the server with administrator privileges.
The vulnerability of the CouchDB database management system is related to differences in how JSON-based parsers running on Erlang and JavaScript operate. Exploiting this vulnerability allows a malicious actor, who operates remotely and is not an administrator of the system, to gain access to...
[SECURITY] Fedora 27 Update: erlang-jiffy-0.14.13-1.fc27
A JSON parser for Erlang implemented as a NIF...
[SECURITY] Fedora 26 Update: erlang-jiffy-0.14.13-1.fc26
A JSON parser for Erlang implemented as a NIF...
Apache CouchDB Remote Code Execution Vulnerability
Exploit for multiple platform in category remote exploits. Description: Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys for 'roles' used for access...
[ASA-201711-24] couchdb: multiple issues
Arch Linux Security Advisory ASA-201711-24. Severity: High. Date: 2017-11-16. CVE-ID: CVE-2017-12635 CVE-2017-12636. Package: couchdb. Type: multiple issues. Remote: Yes. Link: https://security.archlinux.org/AVG-495. Summary: The package couchdb...