58 matches found

Cvelist
added 2022/11/03 12:0 a.m., 61 views

CVE-2022-41713 deep-object-diff 1.1.0 - Prototype Pollution

deep-object-diff version 1.1.0 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the '__proto__' property to be edited...

AI score 5.5 | EPSS 0.00643
Exploits 1 | References 2
RedHat Linux
added 2022/01/06 6:43 p.m., 4 views

nodejs-json-schema: Prototype pollution vulnerability

The json-schema Node.JS library was vulnerable to prototype pollution during the validation of a JSON object. An attacker, able to provide a specially crafted JSON file for validation, could use this flaw to modify the behavior of the node program, to, for example, execute arbitrary code...

CVSS 9.8 | AI score 7.6 | EPSS 0.03563
Exploits 1 | References 4
RedHat Linux
added 2021/12/16 5:21 p.m., 2 views

nodejs-json-schema: Prototype pollution vulnerability

The json-schema Node.JS library was vulnerable to prototype pollution during the validation of a JSON object. An attacker, able to provide a specially crafted JSON file for validation, could use this flaw to modify the behavior of the node program, to, for example, execute arbitrary code...

CVSS 9.8 | AI score 7.6 | EPSS 0.03563
Exploits 1 | References 4
Veracode
added 2021/06/16 8:47 a.m., 25 views

Remote Code Execution (RCE)

nancy is vulnerable to remote code execution (RCE). ObjectSerializer does not properly validate JSON data when handling CSRF cookies, allowing an attacker to inject a malicious JSON object through a CSRF Cookie...

CVSS 9.8 | AI score 4.7 | EPSS 0.03095
Exploits 0 | References 2 | Affected Software 1
OSV
added 2021/03/30 2:15 a.m., 3 views

CVE-2018-1107

It was discovered that the is-my-json-valid JavaScript library used an inefficient regular expression to validate JSON fields defined to have email format. A specially crafted JSON file could cause it to consume an excessive amount of CPU time when validated...

CVSS 5.3 | AI score 5.8 | EPSS 0.01204
Exploits 1 | References 2
Prion
added 2021/03/30 2:15 a.m., 10 views

Design/Logic Flaw

It was discovered that the is-my-json-valid JavaScript library used an inefficient regular expression to validate JSON fields defined to have email format. A specially crafted JSON file could cause it to consume an excessive amount of CPU time when validated...

CVSS 5 | AI score 5.5 | EPSS 0.01204
Exploits 1 | References 2 | Affected Software 1
OSV
added 2020/03/14 8:15 p.m., 13 views

CVE-2020-10574

An issue was discovered in Janus through 0.9.1. janus.c tries to use a string that doesn't actually exist during a "query_logger" Admin API request, because of a typo in the JSON validation...

CVSS 9.8 | AI score 6.7
Exploits 0 | References 1
OSV
added 2020/03/14 8:15 p.m., 3 views

DEBIAN-CVE-2020-10574

An issue was discovered in Janus through 0.9.1. janus.c tries to use a string that doesn't actually exist during a "query_logger" Admin API request, because of a typo in the JSON validation...

CVSS 9.8 | AI score 8.6 | EPSS 0.01231
Exploits 0 | References 1
Prion
added 2020/03/14 8:15 p.m., 13 views

Design/Logic Flaw

An issue was discovered in Janus through 0.9.1. janus.c tries to use a string that doesn't actually exist during a "query_logger" Admin API request, because of a typo in the JSON validation...

CVSS 7.5 | AI score 9.3 | EPSS 0.01231
Exploits 0 | References 1 | Affected Software 1
UbuntuCve
added 2020/03/14 8:15 p.m., 24 views

CVE-2020-10574

An issue was discovered in Janus through 0.9.1. janus.c tries to use a string that doesn't actually exist during a "query_logger" Admin API request, because of a typo in the JSON validation...

CVSS 9.8 | AI score 7.2 | EPSS 0.01231
Exploits 0 | References 2
OSV
added 2020/03/14 8:15 p.m., 4 views

UBUNTU-CVE-2020-10574

An issue was discovered in Janus through 0.9.1. janus.c tries to use a string that doesn't actually exist during a "query_logger" Admin API request, because of a typo in the JSON validation...

CVSS 9.8 | AI score 5.8 | EPSS 0.01231
Exploits 0 | References 3
CVE
added 2020/03/14 7:7 p.m., 132 views

CVE-2020-10574

The CVE-2020-10574 issue affects Meetecho Janus WebRTC gateway (up to version 0.9.1) where janus.c attempts to use a string that does not exist during a query_logger Admin API request, caused by a typo in the JSON validation. This is the described root cause. The p...

CVSS 9.8 | AI score 9.3 | EPSS 0.01231
Exploits 0 | References 1 | Affected Software 1
Debian CVE
added 2020/03/14 7:7 p.m., 18 views

CVE-2020-10574

An issue was discovered in Janus through 0.9.1. janus.c tries to use a string that doesn't actually exist during a "query_logger" Admin API request, because of a typo in the JSON validation...

CVSS 9.8 | AI score 9.4 | EPSS 0.01231
Exploits 0
CVE
added 2019/12/04 3:10 p.m., 70 views

CVE-2014-8179

CVE-2014-8179 affects Docker Engine prior to 1.8.3 and CS Docker Engine prior to 1.6.2-CS7. The vulnerability arises from improper validation and extraction of the manifest object from a JSON representation during a pull, enabling an attacker to inject new attributes into a JSON object and bypass...

CVSS 7.5 | AI score 7.2 | EPSS 0.02733
Exploits 0 | References 6 | Affected Software 2
Cvelist
added 2019/12/04 3:10 p.m., 38 views

CVE-2014-8179

Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation...

AI score 7.3 | EPSS 0.02733
Exploits 0 | References 6
ThreatPost
added 2019/01/14 10:22 p.m., 60 views

Popular Web-Hosting Platform Bluehost Riddled with Flaws

UPDATE A researcher has uncovered several one-click client-side vulnerabilities in the popular Bluehost web hosting platform. These would allow cybercriminals to easily carry out complete account takeover, according to the analysis. Bluehost has acknowledged the issue, and told Threatpost, “We ar...

AI score 7.1
Exploits 0 | References 4
OSV
added 2017/10/24 6:33 p.m., 1 views

GHSA-F522-FFG8-J8R6 Regular Expression Denial of Service in is-my-json-valid

Versions of is-my-json-valid before 2.12.4 are vulnerable to regular expression denial of service (ReDoS) via the email validation function. Recommendation: Update to version 2.12.4 or later...

CVSS 7.5 | AI score 7.1 | EPSS 0.01849
Exploits 0 | References 10
Hacker One
added 2017/09/26 4:40 p.m., 17 views

GSA Bounty: SSRF/XSPA in labs.data.gov/dashboard/validate

Hi. This vulnerability allows access to all ports locally. Which is not visible from the web. 1. We need an interim site file index.php 2. Next we write in index.php 3. Next go to https://labs.data.gov/dashboard/validate And write url - for example http://example/index.php If the port will be open...

Exploits 0