37 matches found
USN-6758-1: JSON5 vulnerability
It was discovered that the JSON5 parse method incorrectly handled the parsing of keys named __proto__. An attacker could possibly use this issue to pollute the prototype of the returned object, setting arbitrary or unexpected keys, and cause a denial of service, allow unintended access to network...
json5: Prototype Pollution in JSON5 via Parse Method
A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse...
json5: Prototype Pollution in JSON5 via Parse Method
A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse...
json5: Prototype Pollution in JSON5 via Parse Method
A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse...
json5: Prototype Pollution in JSON5 via Parse Method
A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse...
Prototype Pollution in JSON5 via Parse Method
The parse method of the JSON5 library before and including version 2.2.1 does not restrict parsing of keys named __proto__, allowing specially crafted strings to pollute the prototype of the resulting object. This vulnerability pollutes the prototype of the object returned by JSON5.parse and not the...
CVE-2022-46175
JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand (e.g. for config files). The parse method of the JSON5 library before and including versions 1.0.1 and 2.2.1 does not restrict parsing of keys named __proto__, allowing specially crafted strings t...
CVE-2022-26260
Simple-Plist v1.3.0 was discovered to contain a prototype pollution vulnerability via .parse()...
CVE-2022-22912
Prototype pollution vulnerability via .parse() in Plist before v3.0.4 allows attackers to cause a Denial of Service (DoS) and may lead to remote code execution...
CVE-2020-27197
TAXII libtaxii through 1.1.117, as used in EclecticIQ OpenTAXII through 0.2.0 and other products, allows SSRF via an initial http:// substring to the parse method, even when the no_network setting is used for the XML parser. NOTE: the vendor points out that the parse method "wraps the lxml library...
PYSEC-2020-59
DISPUTED: TAXII libtaxii through 1.1.117, as used in EclecticIQ OpenTAXII through 0.2.0 and other products, allows SSRF via an initial http:// substring to the parse method, even when the no_network setting is used for the XML parser. NOTE: the vendor points out that the parse method "wraps the lxm...
Updated perl-Email-Address package fixes security vulnerability
The parse method in the Email::Address module through 1.912 for Perl can consume a large amount of resources on specially prepared input, leading to Denial of Service. Prepared special input that caused this problem contained 30 form-field characters ("\f") (CVE-2018-12558)...
Input validation
The parse method in the Email::Address module through 1.909 for Perl is vulnerable to Algorithmic complexity on specially prepared input, leading to Denial of Service. Prepared special input that caused this problem contained 30 form-field characters ("\f")...
CVE-2018-12558
The parse method in the Email::Address module through 1.909 for Perl is vulnerable to Algorithmic complexity on specially prepared input, leading to Denial of Service. Prepared special input that caused this problem contained 30 form-field characters ("\f")...
PT-2018-6052 · Github · Uri.Js
Name of the Vulnerable Software and Affected Versions: uri-js versions 2.1.1 and earlier. Description: The issue arises from a regular expression used by uri-js to validate URLs, which is vulnerable to ReDoS. This vulnerability causes the program to hang and results in 100% CPU usage when attempti...
Regular Expression Denial of Service in uglify-js
Versions of uglify-js prior to 2.6.0 are affected by a regular expression denial of service vulnerability when malicious inputs are passed into the parse method. Proof of Concept: var u = require('uglify-js'); var genstr = function (len, chr) { var result = ""; for (i=0; i<=len; i++) { result = result + chr;...
GHSA-C9F4-XJ24-8JQX Regular Expression Denial of Service in uglify-js
Versions of uglify-js prior to 2.6.0 are affected by a regular expression denial of service vulnerability when malicious inputs are passed into the parse method. Proof of Concept: var u = require('uglify-js'); var genstr = function (len, chr) { var result = ""; for (i=0; i<=len; i++) { result = result + chr;...