22 matches found
CVE-2022-42743
deep-parse-json version 1.0.2 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the '__proto__' property to be edited...
CVE-2025-66564 Sigstore Timestamp Authority allocates excessive memory during request parsing
Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, the function api.ParseJSONRequest splits an optionally provided OID, which is untrusted data, on periods via a call to strings.Split. Similarly, the function api.getContentType splits the Content-Type heade...
EUVD-2022-7326
Malicious code in bioql PyPI...
EUVD-2025-31088
Malicious code in bioql PyPI...
CVE-2025-10948
A vulnerability has been found in MikroTik RouterOS 7. This affects the function parse_json_element of the file /rest/ip/address/print of the component libjson.so. The manipulation leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the...
CVE-2025-10948 MikroTik RouterOS libjson.so print parse_json_element buffer overflow
A vulnerability has been found in MikroTik RouterOS 7. This affects the function parse_json_element of the file /rest/ip/address/print of the component libjson.so. The manipulation leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the...
Malicious code in vite-plugin-parse-json (npm)
The package vite-plugin-parse-json was found to contain malicious code. Source: ghsa-malware 4013d2b27a0c8568a2b51161431838d7877caf18d55e179597d06e162989b484. Any computer that has this package installed or running should be considered full...
Malicious Package
Overview: vite-plugin-parse-json is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...
PT-2025-39377
Name of the Vulnerable Software and Affected Versions: MikroTik RouterOS version 7 Description: A buffer overflow issue exists in MikroTik RouterOS 7. The issue is located in the parse_json_element function within the libjson.so component, specifically accessible through the /rest/ip/address/print...
PT-2024-40377 · Butterfly · Butterfly
Name of the Vulnerable Software and Affected Versions: Butterfly affected versions not specified Description: The issue allows an attacker to execute arbitrary JavaScript code on the server by using the Butterfly.prototype.parseJSON or getJSON functions on an attacker-controlled crafted input...
CVE-2024-2410
The JsonToBinaryStream function is part of the protocol buffers C++ implementation and is used to parse JSON from a stream. If the input is broken up into separate chunks in a certain way, the parser will attempt to read bytes from a chunk that has already been freed...
Prototype Pollution
deep-parse-json is vulnerable to prototype pollution. The library improperly validates the incoming JSON keys, which allows a remote attacker to add new properties to an object through the __proto__ attribute...
GHSA-FF9J-PWXG-Q5P2 deep-parse-json vulnerable to Prototype Pollution
deep-parse-json version 1.0.2 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the __proto__ property to be edited...
@companydotcom/company-skynet-core (>=1.0.2 <=2.0.17), @companydotcom/micro-application-core (>=2.0.7 <=2.0.18-alpha.0) +10 more potentially affected by CVE-2022-42743 via deep-parse-json (>=1.0.1 <=1.0.2)
deep-parse-json NPM version =1.0.1, =1.0.2, =2.0.7, =0.0.1, =0.0.1, =0.0.19, =6.5.7, =5.3.0, =1.0.0, =0.0.6, =0.0.1, =0.0.13 - redux-persist-nedb-storage =0.1.0 Source cves: CVE-2022-42743 Source advisory: OSV:GHSA-FF9J-PWXG-Q5P2...
Code injection
deep-parse-json version 1.0.2 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the '__proto__' property to be edited...
CVE-2022-42743
CVE-2022-42743 affects the deep-parse-json library, version 1.0.2. The root cause is improper validation of incoming JSON keys, allowing the __proto__ property to be edited, enabling prototype pollution where an external attacker can edit/add object properties. Impact stated across sources: remote ma...
PT-2022-26533 · Unknown · Deep-Parse-Json
Name of the Vulnerable Software and Affected Versions: deep-parse-json version 1.0.2 Description: The issue allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the __proto__...
deep-parse-json security vulnerability
deep-parse-json is a JavaScript function for recursively parsing stringified JSON, by individual developer Sibaprasad Maiti. A security vulnerability exists in deep-parse-json version 1.0.2, which stems from the application not properly validating incoming JSON keys...