
CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

31 Dec 2020 — The REST/JSON project 7.x-1.x for Drupal allows blockage of user logins, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy. • https://www.drupal.org/node/2744889

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

31 Dec 2020 — The REST/JSON project 7.x-1.x for Drupal allows session name guessing, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy. • https://www.drupal.org/node/2744889 • CWE-613: Insufficient Session Expiration

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

31 Dec 2020 — The REST/JSON project 7.x-1.x for Drupal allows session enumeration, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy. • https://www.drupal.org/node/2744889

CVSS: 9.8 • EPSS: 1% • CPEs: 1 • EXPL: 2

10 Nov 2020 — This affects all versions of package json-ptr. The issue occurs in the set operation (https://flitbit.github.io/json-ptr/classes/_src_pointer_.jsonpointer.htmlset) when the force flag is set to true. The function recursively sets the property in the target object, however it does not properly check the key being set, leading to a prototype pollution. • https://github.com/flitbit/json-ptr/blob/master/src/util.ts%23L174 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

18 Sep 2020 — Prototype pollution in json-bigint npm package < 1.0.0 may lead to a denial-of-service (DoS) attack. A flaw was found in nodejs-json-bigint. A Prototype pollution in json-bigint npm may lead to a denial-of-service (DoS) attack. Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platf... • https://hackerone.com/reports/916430 • CWE-400: Uncontrolled Resource Consumption

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

10 Aug 2020 — jpv (aka Json Pattern Validator) before 2.2.2 does not properly validate input, as demonstrated by a corrupted array. • https://blog.sonatype.com/cve-2020-17479 • CWE-20: Improper Input Validation

CVSS: 7.8 • EPSS: 0% • CPEs: 16 • EXPL: 2

09 May 2020 — json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend. A flaw was found in json-c. In printbuf_memappend, certain crafted values can overflow the memory allowing an attacker to write past the memory boundary. The highest threat from this vulnerab... • https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf • CWE-190: Integer Overflow or Wraparound • CWE-787: Out-of-bounds Write

CVSS: 7.5 • EPSS: 0% • CPEs: 10 • EXPL: 1

28 Apr 2020 — The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent. • https://github.com/rails-lts/json_cve_2020_10663 • CWE-20: Improper Input Validation • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 2

02 Dec 2019 — In jpv (aka Json Pattern Validator) before 2.1.1, compareCommon() can be bypassed because certain internal attributes can be overwritten via a conflicting name, as demonstrated by 'constructor': {'name':'Array'}. This affects validate(). Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result. • https://github.com/ossf-cve-benchmark/CVE-2019-19507 • CWE-287: Improper Authentication

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

12 Nov 2019 — The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string. • https://github.com/nov/json-jwt/commit/ada16e772906efdd035e3df49cb2ae372f0f948a • CWE-287: Improper Authentication