CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

10 Aug 2020 — jpv (aka Json Pattern Validator) before 2.2.2 does not properly validate input, as demonstrated by a corrupted array. • https://blog.sonatype.com/cve-2020-17479 • CWE-20: Improper Input Validation

CVSS: 7.5 • EPSS: 5% • CPEs: 10 • EXPL: 1

28 Apr 2020 — The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent. • https://github.com/rails-lts/json_cve_2020_10663 • CWE-20: Improper Input Validation • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 2

02 Dec 2019 — In jpv (aka Json Pattern Validator) before 2.1.1, compareCommon() can be bypassed because certain internal attributes can be overwritten via a conflicting name, as demonstrated by 'constructor': {'name':'Array'}. This affects validate(). Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result. • https://github.com/ossf-cve-benchmark/CVE-2019-19507 • CWE-287: Improper Authentication

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

12 Nov 2019 — The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string. • https://github.com/nov/json-jwt/commit/ada16e772906efdd035e3df49cb2ae372f0f948a • CWE-287: Improper Authentication

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

16 Sep 2018 — JSON++ through 2016-06-15 has a buffer over-read in yyparse() in json.y. • https://github.com/tunnuz/json/issues/11 • CWE-125: Out-of-bounds Read

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 Jun 2018 — Nov json-jwt version >= 0.5.0 && < 1.9.4 contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability in the decryption of AES-GCM encrypted JSON Web Tokens that can allow an attacker to forge an authentication tag. This attack appears to be exploitable via network connectivity. This vulnerability appears to have been fixed in 1.9.4 and later. • https://github.com/nov/json-jwt/pull/62 • CWE-347: Improper Verification of Cryptographic Signature

CVSS: 8.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

13 Mar 2018 — brianleroux tiny-json-http, in all versions since commit 9b8e74a232bba4701844e07bcba794173b0238a8 (Oct 29 2016), contains a missing SSL certificate validation vulnerability. The library's core functionality is affected, which exposes the user to man-in-the-middle attacks. • https://github.com/ossf-cve-benchmark/CVE-2018-1000096 • CWE-295: Improper Certificate Validation

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Feb 2016 — The is-my-json-valid package before 2.12.4 for Node.js has an incorrect exports['utc-millisec'] regular expression, which allows remote attackers to cause a denial of service (blocked event loop) via a crafted string. • https://github.com/mafintosh/is-my-json-valid/commit/eca4beb21e61877d76fdf6bea771f72f39544d9b • CWE-20: Improper Input Validation

CVSS: 7.5 • EPSS: 1% • CPEs: 1 • EXPL: 2

22 Jun 2015 — The extractFrom function in Internals/QuotedString.cpp in Arduino JSON before 4.5 allows remote attackers to cause a denial of service (crash) via a JSON string with a \ (backslash) followed by a terminator, as demonstrated by "\\\0", which triggers a buffer overflow and over-read. • http://www.openwall.com/lists/oss-security/2015/06/16/6 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer