9 matches found
CVE-2026-27896
The CVE-2026-27896 concerns the Go MCP SDK, affected in versions prior to 1.3.1, where Go’s json.Unmarshal (case-insensitive field matching) could accept non-standard JSON-RPC/MCP field casing. This violates JSON-RPC 2.0’s exact field names and could allow messages to bypass intermediary inspecti...
Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to json-20190722.jar
Summary IBM webMethods BPM uses json-20190722.jar for reading and parsing of JSON data. Vulnerability Details CVEID:CVE-2023-5072 DESCRIPTION: Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite...
AZL-70583 CVE-2025-11230 affecting package haproxy for versions less than 2.9.11-4
Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON requests...
EUVD-2022-3046
Malicious code in bioql PyPI...
java-sec-code
This is an offensive tool for Java web applications. It is a collection of Java web common vulnerabilities and security code, based on Spring Boot and Spring Security. The repository contains various types of vulnerabilities, including actuators to RCE, command inject, CORS, CRLF injection, CSRF,...
CVE-2025-5472
The CVE-2025-5472 entry concerns run-llama/llama_index’s JSONReader. Versions prior to 0.12.38 are vulnerable to a stack overflow/DoS via uncontrolled recursive JSON parsing when processing deeply nested structures. Root cause is unsafe recursive traversal with no depth validation, causing Recurs...
json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)
A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘‘ or ‘‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed...
Exploit for Uncontrolled Recursion in Owasp Modsecurity
Detection-and-Mitigation-script-for-CVE-2021-42717 Detection a...
rubygem-json: Unsafe object creation vulnerability in JSON
A flaw was found in rubygem-json. While parsing certain JSON documents, the json gem including the one bundled with Ruby can be coerced into creating arbitrary objects in the target system. This is the same issue as CVE-2013-0269...