19 matches found
EUVD-2026-28787
lwjson 1.8.1 contains an improper input validation vulnerability in the streaming JSON parser lwjsonstream.c. The end-of-string detection logic incorrectly identifies escaped quote characters by only checking the immediately preceding character rather than counting consecutive backslashes, causin...
CVE-2026-29975
lwjson 1.8.1 contains an improper input validation vulnerability in the streaming JSON parser lwjsonstream.c. The end-of-string detection logic incorrectly identifies escaped quote characters by only checking the immediately preceding character rather than counting consecutive backslashes, causin...
CVE-2026-29975
lwjson 1.8.1 contains an improper input validation vulnerability in the streaming JSON parser lwjsonstream.c. The end-of-string detection logic incorrectly identifies escaped quote characters by only checking the immediately preceding character rather than counting consecutive backslashes, causin...
PT-2026-39144
Name of the Vulnerable Software and Affected Versions lwjson version 1.8.1 Description Improper input validation in the streaming JSON parser lwjson stream.c occurs because the end-of-string detection logic incorrectly identifies escaped quote characters. The system only checks the immediately...
CVE-2026-29975
lwjson 1.8.1 contains an improper input validation vulnerability in the streaming JSON parser lwjsonstream.c. The end-of-string detection logic incorrectly identifies escaped quote characters by only checking the immediately preceding character rather than counting consecutive backslashes, causin...
CVE-2026-29062
jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. From version 3.0.0 to before version 3.1.0, the UTF8DataInputJsonParser, which is used when parsing from a java.io.DataInput source, bypasses the maxNestingDepth constrai...
[SECURITY] Fedora 43 Update: python-python-multipart-0.0.22-1.fc43
Python-Multipart is a streaming multipart parser for Python...
[SECURITY] Fedora 42 Update: python-python-multipart-0.0.22-1.fc42
Python-Multipart is a streaming multipart parser for Python...
CVE-2025-52999
jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file and it has deeply nested data, Jackson could end up throwing a StackoverflowError if the depth is particularly...
[SECURITY] Fedora 41 Update: python-python-multipart-0.0.19-1.fc41
Python-Multipart is a streaming multipart parser for Python...
[SECURITY] Fedora 40 Update: python-multipart-0.0.19-1.fc40
Python-Multipart is a streaming multipart parser for Python...
CVE-2024-53981
python-multipart is a streaming multipart parser for Python. When parsing form data, python-multipart skips line breaks CR \r or LF \n in front of the first boundary and any tailing bytes after the last boundary. This happens one byte at a time and emits a log event each time, which may cause...
Litestar allows unbounded resource consumption (DoS vulnerability)
Summary Litestar offers multiple methods to return a parsed representation of the request body, as well as extractors that rely on those parsers to map request content to structured data types. Multiple of those parsers do not have size limits when reading the request body into memory, which allo...
[SECURITY] Fedora 40 Update: jackson-databind-2.16.1-4.fc40
The general-purpose data-binding functionality and tree-model for Jackson Data Processor. It builds on core streaming parser/generator package, and uses Jackson Annotations for configuration...
Expat 输入验证错误漏洞
Expat is a fast streaming XML parser written in C. Expat is vulnerable to an integer overflow vulnerability that stems from an integer overflow in copyString. No detailed vulnerability details are currently available...
[SECURITY] Fedora 32 Update: jackson-databind-2.10.5.1-1.fc32
The general-purpose data-binding functionality and tree-model for Jackson D ata Processor. It builds on core streaming parser/generator package, and uses Jackson Annotations for configuration...
[SECURITY] Fedora 30 Update: jackson-databind-2.9.9.3-1.fc30
The general-purpose data-binding functionality and tree-model for Jackson D ata Processor. It builds on core streaming parser/generator package, and uses Jackson Annotations for configuration...
[SECURITY] Fedora 29 Update: jackson-databind-2.9.8-1.fc29
The general-purpose data-binding functionality and tree-model for Jackson D ata Processor. It builds on core streaming parser/generator package, and uses Jackson Annotations for configuration...
apache-cxf: Multiple denial of service flaws in the StAX parser
The streaming XML parser in Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to cause a denial of service CPU and memory consumption via crafted XML with a large number of 1 elements, 2 attributes, 3 nested constructs, and possibly other vectors...