58 matches found
CVE-2022-41713 deep-object-diff 1.1.0 - Prototype Pollution
deep-object-diff version 1.1.0 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the 'proto' property to be edited...
nodejs-json-schema: Prototype pollution vulnerability
The json-schema Node.JS library was vulnerable to prototype pollution during the validation of a JSON object. An attacker, able to provide a specially crafted JSON file for validation, could use this flaw to modify the behavior of the node program, to, for example, execute arbitrary code...
nodejs-json-schema: Prototype pollution vulnerability
The json-schema Node.JS library was vulnerable to prototype pollution during the validation of a JSON object. An attacker, able to provide a specially crafted JSON file for validation, could use this flaw to modify the behavior of the node program, to, for example, execute arbitrary code...
Remote Code Execution (RCE)
nancy is vulnerable to remote code execution RCE. ObjectSerializer does not properly validate JSON data when handling CSRF cookies, allowing an attacker to inject a malicious JSON object through a CSRF Cookie...
CVE-2018-1107
It was discovered that the is-my-json-valid JavaScript library used an inefficient regular expression to validate JSON fields defined to have email format. A specially crafted JSON file could cause it to consume an excessive amount of CPU time when validated...
Design/Logic Flaw
It was discovered that the is-my-json-valid JavaScript library used an inefficient regular expression to validate JSON fields defined to have email format. A specially crafted JSON file could cause it to consume an excessive amount of CPU time when validated...
CVE-2020-10574
An issue was discovered in Janus through 0.9.1. janus.c tries to use a string that doesn't actually exist during a "querylogger" Admin API request, because of a typo in the JSON validation...
DEBIAN-CVE-2020-10574
An issue was discovered in Janus through 0.9.1. janus.c tries to use a string that doesn't actually exist during a "querylogger" Admin API request, because of a typo in the JSON validation...
Design/Logic Flaw
An issue was discovered in Janus through 0.9.1. janus.c tries to use a string that doesn't actually exist during a "querylogger" Admin API request, because of a typo in the JSON validation...
CVE-2020-10574
An issue was discovered in Janus through 0.9.1. janus.c tries to use a string that doesn't actually exist during a "querylogger" Admin API request, because of a typo in the JSON validation...
UBUNTU-CVE-2020-10574
An issue was discovered in Janus through 0.9.1. janus.c tries to use a string that doesn't actually exist during a "querylogger" Admin API request, because of a typo in the JSON validation...
CVE-2020-10574
Mode C: Concrete details found. The CVE-2020-10574 issue affects Meetecho Janus WebRTC gateway (up to version 0.9.1) where janus.c attempts to use a string that does not exist during a query_logger Admin API request, caused by a typo in the JSON validation. This is the described root cause. The p...
CVE-2020-10574
An issue was discovered in Janus through 0.9.1. janus.c tries to use a string that doesn't actually exist during a "querylogger" Admin API request, because of a typo in the JSON validation...
CVE-2014-8179
CVE-2014-8179 affects Docker Engine prior to 1.8.3 and CS Docker Engine prior to 1.6.2-CS7. The vulnerability arises from improper validation and extraction of the manifest object from a JSON representation during a pull, enabling an attacker to inject new attributes into a JSON object and bypass...
CVE-2014-8179
Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation...
Popular Web-Hosting Platform Bluehost Riddled with Flaws
UPDATE A researcher has uncovered several one-click client-side vulnerabilities in the popular Bluehost web hosting platform. These would allow cybercriminals to easily carry out complete account takeover, according to the analysis. Bluehost has acknowledged the issue, and told Threatpost, “We ar...
GHSA-F522-FFG8-J8R6 Regular Expression Denial of Service in is-my-json-valid
Version of is-my-json-valid before 2.12.4 are vulnerable to regular expression denial of service ReDoS via the email validation function. Recommendation Update to version 2.12.4 or later...
GSA Bounty: SSRF/XSPA in labs.data.gov/dashboard/validate
Hi. This vulnerability allows access to all ports locally. Which is not visible from the web. 1We need an interim site file index.php 2Next we write in index.php 3Next go to https://labs.data.gov/dashboard/validate And write url - for example http://example/index.php If the port will be open...