
CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

03 Feb 2023 — Buffer overflow vulnerability in function json_parse_key in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to execute arbitrary code and gain elevated privileges. • https://github.com/hyrathon/trophies/security/advisories/GHSA-r2mm-2f4c-6243 • CWE-787: Out-of-bounds Write

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

03 Feb 2023 — Buffer overflow vulnerability in function json_parse_string in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to execute arbitrary code and gain elevated privileges. • https://github.com/hyrathon/trophies/security/advisories/GHSA-29hf-wrjw-2f28 • CWE-787: Out-of-bounds Write

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 1

03 Feb 2023 — Buffer overflow vulnerability in Barenboim json-parser (master and v1.1.0; fixed in v1.1.1) allows an attacker to execute arbitrary code via the json_value_parse function. • https://github.com/Barenboim/json-parser/issues/7 • CWE-787: Out-of-bounds Write

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

31 Jan 2023 — Buffer overflow vulnerability in function json_parse_object in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to execute arbitrary code and gain elevated privileges. • https://github.com/hyrathon/trophies/security/advisories/GHSA-wvpq-p7pp-cj6m • CWE-787: Out-of-bounds Write

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

27 Dec 2022 — Token validation methods in robbert229/jwt are susceptible to a timing side-channel during HMAC comparison. With a large enough number of requests over a low-latency connection, an attacker may use this to determine the expected HMAC. • https://github.com/robbert229/jwt/commit/ca1404ee6e83fcbafb66b09ed0d543850a15b654 • CWE-668: Exposure of Resource to Wrong Sphere

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

26 Dec 2022 — A vulnerability classified as critical has been found in json-pointer up to 0.6.1. The affected code is the function set in the file index.js. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack may be launched remotely. Upgrading to version 0.6.2 addresses this issue. • https://github.com/manuelstofer/json-pointer/commit/859c9984b6c407fc2d5a0a7e47c7274daa681941 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVSS: 7.8 | EPSS: 0% | CPEs: 2 | EXPL: 3

13 Dec 2022 — A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a denial of service (DoS) via crafted JSON or XML data. • https://github.com/scabench/jsonorg-tp1 • CWE-787: Out-of-bounds Write

CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 1

03 Nov 2022 — fastest-json-copy version 1.0.1 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the '__proto__' property to be edited. • https://fluidattacks.com/advisories/guetta • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 1

03 Nov 2022 — deep-parse-json version 1.0.2 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the '__proto__' property to be edited. • https://fluidattacks.com/advisories/buuren • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 1

19 Sep 2022 — The d8s-json package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. • https://github.com/democritus-project/d8s-json/issues/9 • CWE-434: Unrestricted Upload of File with Dangerous Type