EUVD-2024-34736

Malicious code in bioql PyPI...

Malicious code in nlohmann-json (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5aa85efabb2331d4495a31e8b8101fb7a0cdd11d7c9a4724b6fbb2a3c60b9296 Any computer that has this package installed or running should be considered...

MAL-2025-711 Malicious code in nlohmann-json (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5aa85efabb2331d4495a31e8b8101fb7a0cdd11d7c9a4724b6fbb2a3c60b9296 Any computer that has this package installed or running should be considered...

Denial Of Service (DoS)

Envoy is vulnerable to Denial Of Service DoS. The vulnerability is due to how Envoy invoked the nlohmann JSON library via source/common/json/jsoninternal.cc, which could throw an uncaught exception from downstream data if incomplete UTF-8 strings were serialized. The vulnerability allows an...

CVE-2024-38525

dd-trace-cpp is the Datadog distributed tracing for C++. When the library fails to extract trace context due to malformed unicode, it logs the list of audited headers and their values using the nlohmann JSON library. However, due to the way the JSON library is invoked, it throws an uncaught...

CVE-2024-38525 dd-trace-cpp malformed unicode header values may cause crash

dd-trace-cpp is the Datadog distributed tracing for C++. When the library fails to extract trace context due to malformed unicode, it logs the list of audited headers and their values using the nlohmann JSON library. However, due to the way the JSON library is invoked, it throws an uncaught...

CVE-2024-38525 dd-trace-cpp malformed unicode header values may cause crash

dd-trace-cpp is the Datadog distributed tracing for C++. When the library fails to extract trace context due to malformed unicode, it logs the list of audited headers and their values using the nlohmann JSON library. However, due to the way the JSON library is invoked, it throws an uncaught...

CVE-2024-34363

Envoy is a cloud-native, open source edge and service proxy. Due to how Envoy invoked the nlohmann JSON library, the library could throw an uncaught exception from downstream data if incomplete UTF-8 strings were serialized. The uncaught exception would cause Envoy to crash...

PT-2024-25821 · Unknown +1 · Nlohmann/Json +1

Name of the Vulnerable Software and Affected Versions: Envoy affected versions not specified Description: The issue arises from how Envoy invokes the nlohmann JSON library. If incomplete UTF-8 strings are serialized from downstream data, the library can throw an uncaught exception, causing Envoy ...

json: Heap-buffer-overflow in nlohmann::basic_json<std::__1::map, std::__1::vector, std::__1::basic_string<cha

Project: https://github.com/nlohmann/json.git Detailed report: https://clusterfuzz-external.appspot.com/testcase?key=5229771923390464 Project: json Fuzzer: libFuzzerjsonparsecborfuzzer Fuzz target binary: parsecborfuzzer Job Type: libfuzzerasanjson Platform Id: linux Crash Type:...