ROOT-APP-NPM-CVE-2022-46175 CVE-2022-46175 in @rootio/json5 - Patched by Root

Root has patched CVE-2022-46175 in the @rootio/json5 package for Root:npm. Multiple fixed versions available...

Azure Linux 3.0 Security Update: python-tensorboard (CVE-2022-46175)

The version of python-tensorboard installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-46175 advisory. - JSON5 is an extension to the popular JSON file format that aims to be easier to write and mainta...

RUSTSEC-2025-0120 json5 crate is unmaintained

The json5 crate is no longer actively maintained. If you rely on this crate, consider switching to a recommended alternative. Recommended alternatives - serdejson5 - jsonc-parser - json-five...

Security Bulletin: Multiple vulnerabilities that affects IBM Db2 Data Management Console( CVE-2022-1471,CVE-2024-22259,CVE-2020-8565, CVE-2019-11250,CVE-2023-44487,CVE-2022-46175, CVE-2024-22243)

Summary SnakeYaml Constructor Deserialization Remote Code Execution. Spring-web-6.0.11, k8s.io-client-go, k8s.io-Apimachinery-v0.25.1, json5-1.0.1, spring-web-6.0.11 open source libraries are used by IBM Db2 Data Management Console . This bulletin describes the upgrades necessary to address the...

MAL-2025-12123 Malicious code in @zalastax/nolb-json5 (npm)

The package @zalastax/nolb-json5 was found to contain malicious code...

Malicious code in @zalastax/nolb-json5 (npm)

The package @zalastax/nolb-json5 was found to contain malicious code...

Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to CVE-2022-46175

Summary JSON5 is used by IBM Storage Fusion Data Foundation in the management-console and could allow a remote authenticated attacker to execute arbitrary code on the systemas part of CVE-2022-46175. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Dat...

Linux Distros Unpatched Vulnerability : CVE-2022-46175

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand e.g. for config files. The parse method of the JSON5...

Atlassian Confluence 5.9.1 < 7.19.29 / 7.20.x < 8.5.17 / 8.6.x < 8.9.8 / 9.0.x < 9.1.0 / 9.2.0 XSS (CONFSERVER-98301)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-98301 advisory. - JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand e.g. for config files. The parse method...

Prototype Pollution json5 Dependency in Confluence Data Center

This High severity json5 Dependency vulnerability was introduced in versions 5.9 of Confluence Data Center. This json5 Dependency vulnerability, with a CVSS Score of 7.1, allows an authenticated attacker to expose assets in your environment susceptible to exploitation which has high impact to...

JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand (e.g. for config files). The `parse` method of the JSON5 library before and including versions 1.0.1 and 2.2.1 does not restrict parsing of keys named `__proto__` allowing specially crafted strings to pollute the prototype of the resulting object. This vulnerability pollutes the prototype of the object returned by `JSON5.parse` and not the global Object prototype which is the commonly understood definition of Prototype Pollution. However polluting the prototype of a single object can have significant security impact for an application if the object is later used in trusted operations. This vulnerability could allow an attacker to set arbitrary and unexpected keys on the object returned from `JSON5.parse`. The actual impact will depend on how applications utilize the returned object and how they filter unwanted keys but could include denial of service cross-site scripting elevation

...

RHEL 8 : gjs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - json5: Prototype Pollution in JSON5 via Parse Method CVE-2022-46175 Note that Nessus has not tested for this issue...

RHEL 9 : gjs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - json5: Prototype Pollution in JSON5 via Parse Method CVE-2022-46175 Note that Nessus has not tested for this issue...

RHEL 7 : json5 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - json5: Prototype Pollution in JSON5 via Parse Method CVE-2022-46175 Note that Nessus has not tested for this issue...

RHEL 6 : json5 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - json5: Prototype Pollution in JSON5 via Parse Method CVE-2022-46175 Note that Nessus has not tested for this issue...

Ubuntu: Security Advisory (USN-6758-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-6758-1: JSON5 vulnerability

It was discovered that the JSON5 parse method incorrectly handled the parsing of keys named \proto\. An attacker could possibly use this issue to pollute the prototype of the returned object, setting arbitrary or unexpected keys, and cause a denial of service, allow unintended access to network...

USN-6758-1 node-json5 vulnerability

It was discovered that the JSON5 parse method incorrectly handled the parsing of keys named \proto\. An attacker could possibly use this issue to pollute the prototype of the returned object, setting arbitrary or unexpected keys, and cause a denial of service, allow unintended access to network...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : JSON5 vulnerability (USN-6758-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6758-1 advisory. It was discovered that the JSON5 parse method incorrectly handled the parsing of keys named \proto\. An attacker could possibly use this...

Debian: Security Advisory (DLA-3665-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...