21 matches found
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when processing JSON payloads before applying rate limits. An attacker can cause service disruption by sending specially crafted JSON payloads that bypass rate limiting. Note: This is...
EUVD-2023-2589
Malicious code in bioql PyPI...
EUVD-2023-1894
Malicious code in bioql PyPI...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to an improper check of complex JSON in the HTTP handler. An attacker can cause excessive memory and CPU consumption by submitting specially-crafted payloads that meet the default...
CVE-2023-42278
hutool v5.8.21 was discovered to contain a buffer overflow via the component JSONUtil.parse...
CVE-2023-34615
An issue was discovered JSONUtil thru 5.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies...
GHSA-RR66-QH5M-W6MX hutool Buffer Overflow vulnerability
hutool v5.8.21 was discovered to contain a buffer overflow via the component JSONUtil.parse...
CVE-2023-42278
hutool v5.8.21 was discovered to contain a buffer overflow via the component JSONUtil.parse...
CVE-2023-42278
hutool v5.8.21 was discovered to contain a buffer overflow via the component JSONUtil.parse...
ch.sourcemotion.gradle.vertx.hermes:ch.sourcemotion.gradle.vertx.hermes.gradle.plugin (=0.0.1), ch.sourcemotion.gradle:vertx-hermes-gradle-plugin (=0.0.1) +30 more potentially affected by CVE-2023-34615 via net.pwall.json:jsonutil (>=2.0 <=5.0)
net.pwall.json:jsonutil MAVEN version =2.0, =0.1.0, =0.6.0, =0.6.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.68, =0.31, =0.68, =0.1, =0.6.1 and more Source cves: CVE-2023-34615 Source advisory: OSV:GHSA-W2RR-WVH9-M2M7...
JSONUtil vulnerable to stack exhaustion
An issue was discovered JSONUtil through 5.0 that allows attackers to cause a denial of service or other unspecified impacts via crafted objects that deeply nested structures...
GHSA-W2RR-WVH9-M2M7 JSONUtil vulnerable to stack exhaustion
An issue was discovered JSONUtil through 5.0 that allows attackers to cause a denial of service or other unspecified impacts via crafted objects that deeply nested structures...
CVE-2023-34615
An issue was discovered JSONUtil thru 5.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies...
CVE-2023-34615
An issue was discovered JSONUtil thru 5.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies...
CVE-2023-34615
An issue was discovered JSONUtil thru 5.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies...
Code injection
An issue was discovered JSONUtil thru 5.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies...
CVE-2023-34615
The CVE-2023-34615 issue affects JSONUtil up to and including version 5.0, where crafted objects with cyclic dependencies can trigger denial of service or related impacts. The vulnerability is described consistently across multiple sources (e.g., NVD, Red Hat, Veracode, GHSA, OSV) as a DOS caused...
JSONUtil buffer error vulnerability
JSONUtil is a library of JSON generation and parsing utilities for Java from the individual developer Bill Davidson. A security vulnerability exists in JSONUtil 5.0 and earlier versions that could allow an attacker to cause a denial of service through the use of circularly dependent objects...
CVE-2023-34615
An issue was discovered JSONUtil thru 5.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies...
CVE-2023-34615
An issue was discovered JSONUtil thru 5.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies...