CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-25921 – Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2022-25921
29 Aug 2022 — All versions of package morgan-json are vulnerable to Arbitrary Code Execution due to missing sanitization of input passed to the Function constructor. Todas las versiones del paquete morgan-json son vulnerables a una Ejecución Arbitraria de Código debido a una falta de saneo de la entrada pasada al constructor de la función • https://github.com/indexzero/morgan-json/blob/3a76010215a4256d41687d082cd66c4f00ea5717/index.js%23L46 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-23460 – Stack overflow in Jsonxx
https://notcve.org/view.php?id=CVE-2022-23460
19 Aug 2022 — Jsonxx or Json++ is a JSON parser, writer and reader written in C++. In affected versions of jsonxx json parsing may lead to stack exhaustion in an address sanitized (ASAN) build. This issue may lead to Denial of Service if the program using the jsonxx library crashes. This issue exists on the current commit of the jsonxx project and the project itself has been archived. Updates are not expected. • https://securitylab.github.com/advisories/GHSL-2022-049_Jsonxx • CWE-121: Stack-based Buffer Overflow CWE-674: Uncontrolled Recursion •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-23459 – Double free or Use after Free in Value class of Jsonxx
https://notcve.org/view.php?id=CVE-2022-23459
19 Aug 2022 — Jsonxx or Json++ is a JSON parser, writer and reader written in C++. In affected versions of jsonxx use of the Value class may lead to memory corruption via a double free or via a use after free. The value class has a default assignment operator which may be used with pointer types which may point to alterable data where the pointer itself is not updated. This issue exists on the current commit of the jsonxx project. The project itself has been archived and updates are not expected. • https://securitylab.github.com/advisories/GHSL-2022-048_Jsonxx • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-36010 – Arbitrary code execution via function parsing in react-editable-json-tree
https://notcve.org/view.php?id=CVE-2022-36010
15 Aug 2022 — This library allows strings to be parsed as functions and stored as a specialized component, [`JsonFunctionValue`](https://github.com/oxyno-zeta/react-editable-json-tree/blob/09a0ca97835b0834ad054563e2fddc6f22bc5d8c/src/components/JsonFunctionValue.js). To do this, Javascript's [`eval`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval) function is used to execute strings that begin with "function" as Javascript. This unfortunately could allow arbitrary code to be execute... • https://github.com/oxyno-zeta/react-editable-json-tree/releases/tag/2.2.2 • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-30241
https://notcve.org/view.php?id=CVE-2022-30241
04 May 2022 — The jquery.json-viewer library through 1.4.0 for Node.js does not properly escape characters such as < in a JSON object, as demonstrated by a SCRIPT element. jquery.json-viewer library versiones hasta 1.4.0 para Node.js no escapa correctamente los caracteres como < en un objeto JSON, como lo demuestra un elemento SCRIPT • https://github.com/abodelot/jquery.json-viewer/pull/26 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 1CVE-2021-3918 – Prototype Pollution in kriszyp/json-schema
https://notcve.org/view.php?id=CVE-2021-3918
13 Nov 2021 — json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') json-schema es vulnerable a la Modificación Indebida de Atributos de Prototipos de Objetos ('Contaminación de Prototipos') The json-schema Node.JS library was vulnerable to prototype pollution during the validation of a JSON object. An attacker, able to provide a specially crafted JSON file for validation, could use this flaw to modify the behavior of the node program, to, for example, exec... • https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741 • CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 2CVE-2021-23509 – Prototype Pollution
https://notcve.org/view.php?id=CVE-2021-23509
03 Nov 2021 — This affects the package json-ptr before 3.0.0. A type confusion vulnerability can lead to a bypass of CVE-2020-7766 when the user-provided keys used in the pointer parameter are arrays. Esto afecta al paquete json-ptr versiones anteriores a 3.0.0. Una vulnerabilidad de confusión de tipo puede conllevar a una omisión de CVE-2020-7766 cuando las claves proporcionadas por el usuario usadas en el parámetro pointer son matrices • https://github.com/flitbit/json-ptr%23security-vulnerabilities-resolved • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 1CVE-2021-31684 – json-smart: Denial of Service in JSONParserByteArray function
https://notcve.org/view.php?id=CVE-2021-31684
01 Jun 2021 — A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a denial of service (DOS) via a crafted web request. Se ha detectado una vulnerabilidad en la función indexOf de JSONParserByteArray en versiones 1.3 y 2.4 de JSON Smart que causa una Denegación de Servicio (DOS) por medio de una petición web diseñada A flaw was found in the json-smart package in the JSONParserByteArray. This flaw allows an attacker to cause a denial of service. It w... • https://github.com/netplex/json-smart-v1/issues/10 • CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 1CVE-2018-1107 – nodejs-is-my-json-valid: ReDoS when validating JSON fields with email format
https://notcve.org/view.php?id=CVE-2018-1107
30 Mar 2021 — It was discovered that the is-my-json-valid JavaScript library used an inefficient regular expression to validate JSON fields defined to have email format. A specially crafted JSON file could cause it to consume an excessive amount of CPU time when validated. Se detectó que la biblioteca de JavaScript is-my-json-valid usaba una expresión regular ineficiente para comprobar los campos JSON definidos para tener formato de correo electrónico. Un archivo JSON especialmente diseñado podría hacer que consuma ... • https://bugzilla.redhat.com/show_bug.cgi?id=1546357 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.9EPSS: 0%CPEs: 13EXPL: 2CVE-2021-27568 – json-smart: uncaught exception may lead to crash or information disclosure
https://notcve.org/view.php?id=CVE-2021-27568
23 Feb 2021 — An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatException. When it is not caught, it may cause programs using the library to crash or expose sensitive information. Se detectó un problema en netplex json-smart-v1 hasta el 23-10-2015 y json-smart-v2 hasta 2.4. Una excepción es lanzada desde una función, pero no es detectada, como es demostrado por la función Numb... • https://github.com/netplex/json-smart-v1/issues/7 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-754: Improper Check for Unusual or Exceptional Conditions •