56 matches found
USN-7973-1 cjson vulnerabilities
It was discovered that cJSON incorrectly handled parsing large numbers. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-26819) It was discovered that cJSON may perform out-of-bounds read when processing specially crafted JSON files using parse_object. An attacker...
USN-7973-1: cJSON vulnerabilities
It was discovered that cJSON incorrectly handled parsing large numbers. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-26819) It was discovered that cJSON may perform out-of-bounds read when processing specially crafted JSON files using parse_object. An attacker...
OESA-2025-2376 cjson security update
cJSON aims to be the dumbest possible parser that you can get your job done with. It's a single file of C, and a single header file. %package devel Summary: Development files for cJSON Requires: = - %description devel The cjson-devel package contains libraries and header files for developing...
cJSON: out-of-bounds access in decode_array_index_from_pointer() in cJSON_Utils.c via crafted JSON pointer strings
A flaw was found in the cJSON library. A specially crafted JSON pointer string can cause an out-of-bounds access in the decode_array_index_from_pointer function in the cJSON_Utils.c file due to improper array bounds checking, causing a crash to the application linked to the library and resulting in a...
EUVD-2021-2394
Malware in sbrugna...
EUVD-2021-1001
Malware in sbrugna...
EUVD-2025-26527
Malicious code in bioql PyPI...
EUVD-2022-7545
Malicious code in bioql PyPI...
CVE-2025-57052
cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters...
CVE-2025-57052
CVE-2025-57052 affects cJSON versions 1.5.0–1.7.18. The vulnerability arises from an out-of-bounds access in the function decode_array_index_from_pointer (cJSON_Utils.c), enabling manipulation via crafted JSON pointer strings. Connected advisories confirm impact across multiple distributions and ...
json-pointer: prototype pollution in json-pointer
A flaw was found in the json-pointer package. The affected versions of this package are vulnerable to prototype pollution...
Important: Red Hat Security Advisory: Service Registry (container images) release and security update [2.4.3 GA]
An update to the images for Red Hat Integration - Service Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact...
Prototype Pollution
json-pointer is vulnerable to prototype pollution. The vulnerability exists in the set function of index.js, due to the improper checks for the tok variable which allows an attacker to modify object prototype attributes...
CVE-2022-4742
A flaw was found in the json-pointer package. The affected versions of this package are vulnerable to prototype pollution...
@amitport/koangular-users (=0.0.0), @antimatter-studios/dredd (>=14.1.0 <=15.0.11) +206 more potentially affected by CVE-2022-4742 via json-pointer (>=0.0.4 <=0.6.1)
json-pointer NPM version =0.0.4, =14.1.0, =0.0.1, =0.0.2, =0.0.1, =1.2.6, =2.7.2, =1.0.0, =0.0.0-development, =1.0.0, =2.21.3, =9.0.0, =2.0.0, =0.0.1, =0.1.0 and more Source cves: CVE-2022-4742 Source advisory: OSV:GHSA-6XRF-Q977-5VGC...
GHSA-6XRF-Q977-5VGC json-pointer vulnerable to Prototype Pollution
A vulnerability, which was classified as critical, has been found in json-pointer up to 0.6.1. Affected by this issue is the function set of the file index.js. The manipulation leads to improperly controlled modification of object prototype attributes 'prototype pollution'. The attack may be...
json-pointer vulnerable to Prototype Pollution
A vulnerability, which was classified as critical, has been found in json-pointer up to 0.6.1. Affected by this issue is the function set of the file index.js. The manipulation leads to improperly controlled modification of object prototype attributes 'prototype pollution'. The attack may be...
CVE-2022-4742
A vulnerability, which was classified as critical, has been found in json-pointer up to 0.6.1. Affected by this issue is the function set of the file index.js. The manipulation leads to improperly controlled modification of object prototype attributes 'prototype pollution'. The attack may be...
CVE-2022-4742
A vulnerability, which was classified as critical, has been found in json-pointer up to 0.6.1. Affected by this issue is the function set of the file index.js. The manipulation leads to improperly controlled modification of object prototype attributes 'prototype pollution'. The attack may be...
Information disclosure
A vulnerability, which was classified as critical, has been found in json-pointer. Affected by this issue is the function set of the file index.js. The manipulation leads to improperly controlled modification of object prototype attributes 'prototype pollution'. The attack may be launched remotel...