CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-45492
https://notcve.org/view.php?id=CVE-2022-45492
Buffer overflow vulnerability in function json_parse_number in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to code arbitrary code and gain escalated privileges. • https://github.com/hyrathon/trophies/security/advisories/GHSA-r9wh-hxqh-3xq7 https://github.com/sheredom/json.h/issues/95 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-45496
https://notcve.org/view.php?id=CVE-2022-45496
Buffer overflow vulnerability in function json_parse_string in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to code arbitrary code and gain escalated privileges. • https://github.com/hyrathon/trophies/security/advisories/GHSA-29hf-wrjw-2f28 https://github.com/sheredom/json.h/issues/92 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-45494
https://notcve.org/view.php?id=CVE-2022-45494
Buffer overflow vulnerability in function json_parse_object in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to code arbitrary code and gain escalated privileges. Vulnerabilidad de desbordamiento de búfer en la función json_parse_object en sheredom json.h antes de el commit 0825301a07cbf51653882bf2b153cc81fdadf41 (14 de noviembre de 2022) permite a los atacantes codificar código arbitrario y obtener privilegios aumentados. • https://github.com/hyrathon/trophies/security/advisories/GHSA-wvpq-p7pp-cj6m https://github.com/sheredom/json.h https://github.com/sheredom/json.h/issues/93 https://github.com/sheredom/json.h/issues/97 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-10004 – Timing side-channel in github.com/robbert229/jwt
https://notcve.org/view.php?id=CVE-2015-10004
Token validation methods are susceptible to a timing side-channel during HMAC comparison. With a large enough number of requests over a low latency connection, an attacker may use this to determine the expected HMAC. Los métodos de validación de tokens son susceptibles a un canal lateral de temporización durante la comparación HMAC. Con una cantidad suficientemente grande de solicitudes a través de una conexión de baja latencia, un atacante puede usar esto para determinar el HMAC esperado. • https://github.com/robbert229/jwt/commit/ca1404ee6e83fcbafb66b09ed0d543850a15b654 https://github.com/robbert229/jwt/issues/12 https://pkg.go.dev/vuln/GO-2020-0023 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-4742 – json-pointer index.js set prototype pollution
https://notcve.org/view.php?id=CVE-2022-4742
A vulnerability, which was classified as critical, has been found in json-pointer up to 0.6.1. Affected by this issue is the function set of the file index.js. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack may be launched remotely. Upgrading to version 0.6.2 is able to address this issue. • https://github.com/manuelstofer/json-pointer/commit/859c9984b6c407fc2d5a0a7e47c7274daa681941 https://github.com/manuelstofer/json-pointer/pull/36 https://vuldb.com/?ctiid.216794 https://vuldb.com/?id.216794 https://access.redhat.com/security/cve/CVE-2022-4742 https://bugzilla.redhat.com/show_bug.cgi?id=2156333 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •