Ultrajson@* Security Vulnerabilities and Issues — Ultrajson@* CVE List

Lucene search

Ultrajson ProjectUltrajson*

3 matches found

CVE•added 2022/01/01 12:15 a.m.•146 views

CVE-2021-45958

UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation.

5.5CVSS5.8AI score0.00239EPSS

CVE•added 2022/07/05 6:15 p.m.•117 views

CVE-2022-31116

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain characters. JSON strings that contain escaped surrogate characters not part of a proper surrogate pair were decoded incorrectly. Besides corrupting...

7.5CVSS7.4AI score0.00143EPSS

CVE•added 2022/07/05 6:15 p.m.•115 views

CVE-2022-31117

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is im...

5.9CVSS6.5AI score0.00111EPSS