
12 matches found

EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2022-6438

Malicious code in bioql PyPI...

CVSS 7.5, AI score 7.7, EPSS 0.00069
Exploits: 1, References: 12

BDU FSTEC
added 2025/07/09 12:00 a.m., 1 view

The vulnerability of the Dataease database management system, related to improper elimination of surrogate characters, allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the Dataease database management system is related to the improper elimination of surrogate characters when connecting to PostgreSQL and Redshift databases. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of the...

CVSS 8.8, AI score 5.5, EPSS 0.00314
Exploits: 1, References: 2, Affected Software: 1

Tenable Nessus
added 2024/03/03 12:00 a.m., 23 views

GLSA-202403-03 : UltraJSON: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202403-03 UltraJSON: Multiple Vulnerabilities - UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain characters. JSON strings that...

CVSS 7.5, AI score 7, EPSS 0.00173
Exploits: 1, References: 4

Tenable Nessus
added 2024/02/15 12:00 a.m., 37 views

Ubuntu 20.04 LTS : UltraJSON vulnerabilities (USN-6629-3)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6629-3 advisory. USN-6629-1 fixed vulnerabilities in UltraJSON. This update provides the corresponding updates for Ubuntu 20.04 LTS. Tenable has extracted the preceding...

CVSS 7.5, AI score 7, EPSS 0.00173
Exploits: 1, References: 3

SUSE CVE
added 2023/02/15 3:25 a.m., 1 view

SUSE CVE-2022-31116

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain characters. JSON strings that contain escaped surrogate characters not part of a proper surrogate pair were decoded incorrectly. Besides corrupti...

CVSS 5.8, AI score 9.1, EPSS 0.00069
Exploits: 1, References: 5

Veracode
added 2022/07/06 5:26 a.m., 37 views

Insecure Cryptography

ujson is vulnerable to insecure cryptography. The vulnerability exists when a JSON string contains escaped surrogate characters which are not part of a proper surrogate pair: the library may decode those characters incorrectly, which allows remote attackers to cause unintended behavior in the...

CVSS 7.5, AI score 7.3, EPSS 0.00069
Exploits: 1, References: 7, Affected Software: 3

OSV
added 2022/07/05 9:06 p.m., 37 views

GHSA-WPQR-JCPX-745R Incorrect handling of invalid surrogate pair characters

Impact: Anyone parsing JSON from an untrusted source is vulnerable. JSON strings that contain escaped surrogate characters not part of a proper surrogate pair were decoded incorrectly. Besides corrupting strings, this allowed for potential key...

CVSS 7.5, AI score 7.4, EPSS 0.00069
Exploits: 1, References: 6

GitHub Security Blog
added 2022/07/05 9:06 p.m., 57 views

Incorrect handling of invalid surrogate pair characters

Impact: Anyone parsing JSON from an untrusted source is vulnerable. JSON strings that contain escaped surrogate characters not part of a proper surrogate pair were decoded incorrectly. Besides corrupting strings, this allowed for potential key...

CVSS 7.5, AI score 7.4, EPSS 0.00069
Exploits: 1, References: 6, Affected Software: 1

OSV
added 2022/07/05 6:15 p.m., 1 view

DEBIAN-CVE-2022-31116

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain characters. JSON strings that contain escaped surrogate characters not part of a proper surrogate pair were decoded incorrectly. Besides corrupti...

CVSS 7.5, AI score 7.5, EPSS 0.00069
Exploits: 1, References: 1

Cvelist
added 2022/07/05 5:35 p.m., 20 views

CVE-2022-31116 Incorrect handling of invalid surrogate pair characters in ujson

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain characters. JSON strings that contain escaped surrogate characters not part of a proper surrogate pair were decoded incorrectly. Besides corrupti...

CVSS 7.5, AI score 7.6, EPSS 0.00069
Exploits: 1, References: 4

AlpineLinux
added 2022/07/05 5:35 p.m., 24 views

CVE-2022-31116

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain characters. JSON strings that contain escaped surrogate characters not part of a proper surrogate pair were decoded incorrectly. Besides corrupti...

CVSS 7.5, AI score 7.5, EPSS 0.00069
Exploits: 1

RedHat Linux
added 2008/09/24 2:04 a.m., 1 view

Mozilla low surrogates stripped from JavaScript before execution

Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via HTML-escaped low surrogate characters that are ignored by the HTML parser, as demonstrated by a "jav&#56325ascript" sequence, a...

CVSS 4.3, AI score 5.7, EPSS 0.01204
Exploits: 2, References: 4