ROOT-APP-NPM-CVE-2022-46175 CVE-2022-46175 in @rootio/json5 - Patched by Root

Root has patched CVE-2022-46175 in the @rootio/json5 package for Root:npm. Multiple fixed versions available...

CVE-2026-50733 Markdown Preview Enhanced Arbitrary Code Execution via WaveDrom eval()

Markdown Preview Enhanced before 0.8.28 parses WaveDrom diagrams by evaluating untrusted markdown content with eval, allowing arbitrary JavaScript execution. The flaw affects every render path - the live preview window.eval and presentation mode plus HTML export the bundled WaveDrom.ProcessAll/ev...

CVE-2026-49493 Markdown Preview Enhanced Arbitrary Code Execution via Bitfield interpretJS()

Markdown Preview Enhanced before 0.8.28 parses Bitfield fenced code blocks with interpretJS, which evaluates the block content as code via vm.runInNewContext, allowing arbitrary code execution. A crafted markdown document containing a malicious bitfield code block executes attacker-controlled cod...

CVE-2026-49493 Markdown Preview Enhanced Arbitrary Code Execution via Bitfield interpretJS()

Markdown Preview Enhanced before 0.8.28 parses Bitfield fenced code blocks with interpretJS, which evaluates the block content as code via vm.runInNewContext, allowing arbitrary code execution. A crafted markdown document containing a malicious bitfield code block executes attacker-controlled cod...

CVE-2026-49493

Markdown Preview Enhanced prior to 0.8.28 runs Bitfield fenced code blocks containing interpretJS(), which evaluates code via vm.runInNewContext(), enabling arbitrary server-side code execution when rendering or exporting a document. The issue’s root cause is that Bitfield definitions were treate...

Azure Linux 3.0 Security Update: python-tensorboard (CVE-2022-46175)

The version of python-tensorboard installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-46175 advisory. - JSON5 is an extension to the popular JSON file format that aims to be easier to write and mainta...

RUSTSEC-2025-0120 json5 crate is unmaintained

The json5 crate is no longer actively maintained. If you rely on this crate, consider switching to a recommended alternative. Recommended alternatives - serdejson5 - jsonc-parser - json-five...

Security Bulletin: Multiple vulnerabilities that affects IBM Db2 Data Management Console( CVE-2022-1471,CVE-2024-22259,CVE-2020-8565, CVE-2019-11250,CVE-2023-44487,CVE-2022-46175, CVE-2024-22243)

Summary SnakeYaml Constructor Deserialization Remote Code Execution. Spring-web-6.0.11, k8s.io-client-go, k8s.io-Apimachinery-v0.25.1, json5-1.0.1, spring-web-6.0.11 open source libraries are used by IBM Db2 Data Management Console . This bulletin describes the upgrades necessary to address the...

Malicious code in @zalastax/nolb-json5 (npm)

The package @zalastax/nolb-json5 was found to contain malicious code...

MAL-2025-12123 Malicious code in @zalastax/nolb-json5 (npm)

The package @zalastax/nolb-json5 was found to contain malicious code...

Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to CVE-2022-46175

Summary JSON5 is used by IBM Storage Fusion Data Foundation in the management-console and could allow a remote authenticated attacker to execute arbitrary code on the systemas part of CVE-2022-46175. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Dat...

Linux Distros Unpatched Vulnerability : CVE-2022-46175

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand e.g. for config files. The parse method of the JSON5...

Atlassian Confluence 5.9.1 < 7.19.29 / 7.20.x < 8.5.17 / 8.6.x < 8.9.8 / 9.0.x < 9.1.0 / 9.2.0 XSS (CONFSERVER-98301)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-98301 advisory. - JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand e.g. for config files. The parse method...

Prototype Pollution json5 Dependency in Confluence Data Center

This High severity json5 Dependency vulnerability was introduced in versions 5.9 of Confluence Data Center. This json5 Dependency vulnerability, with a CVSS Score of 7.1, allows an authenticated attacker to expose assets in your environment susceptible to exploitation which has high impact to...

JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand (e.g. for config files). The `parse` method of the JSON5 library before and including versions 1.0.1 and 2.2.1 does not restrict parsing of keys named `__proto__` allowing specially crafted strings to pollute the prototype of the resulting object. This vulnerability pollutes the prototype of the object returned by `JSON5.parse` and not the global Object prototype which is the commonly understood definition of Prototype Pollution. However polluting the prototype of a single object can have significant security impact for an application if the object is later used in trusted operations. This vulnerability could allow an attacker to set arbitrary and unexpected keys on the object returned from `JSON5.parse`. The actual impact will depend on how applications utilize the returned object and how they filter unwanted keys but could include denial of service cross-site scripting elevation

...

RHEL 8 : gjs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - json5: Prototype Pollution in JSON5 via Parse Method CVE-2022-46175 Note that Nessus has not tested for this issue...

RHEL 9 : gjs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - json5: Prototype Pollution in JSON5 via Parse Method CVE-2022-46175 Note that Nessus has not tested for this issue...

RHEL 6 : json5 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - json5: Prototype Pollution in JSON5 via Parse Method CVE-2022-46175 Note that Nessus has not tested for this issue...

RHEL 7 : json5 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - json5: Prototype Pollution in JSON5 via Parse Method CVE-2022-46175 Note that Nessus has not tested for this issue...

Ubuntu: Security Advisory (USN-6758-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...