CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-41714
https://notcve.org/view.php?id=CVE-2022-41714
fastest-json-copy version 1.0.1 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the '__proto__' property to be edited. La versión 1.0.1 de Fast-Json-copy permite a un atacante externo editar o agregar nuevas propiedades a un objeto. Esto es posible porque la aplicación no valida correctamente las claves JSON entrantes, permitiendo así editar la propiedad '__proto__'. • https://fluidattacks.com/advisories/guetta https://github.com/streamich/fastest-json-copy • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-23460 – Stack overflow in Jsonxx
https://notcve.org/view.php?id=CVE-2022-23460
Jsonxx or Json++ is a JSON parser, writer and reader written in C++. In affected versions of jsonxx json parsing may lead to stack exhaustion in an address sanitized (ASAN) build. This issue may lead to Denial of Service if the program using the jsonxx library crashes. This issue exists on the current commit of the jsonxx project and the project itself has been archived. Updates are not expected. • https://securitylab.github.com/advisories/GHSL-2022-049_Jsonxx • CWE-121: Stack-based Buffer Overflow CWE-674: Uncontrolled Recursion •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-23459 – Double free or Use after Free in Value class of Jsonxx
https://notcve.org/view.php?id=CVE-2022-23459
Jsonxx or Json++ is a JSON parser, writer and reader written in C++. In affected versions of jsonxx use of the Value class may lead to memory corruption via a double free or via a use after free. The value class has a default assignment operator which may be used with pointer types which may point to alterable data where the pointer itself is not updated. This issue exists on the current commit of the jsonxx project. The project itself has been archived and updates are not expected. • https://securitylab.github.com/advisories/GHSL-2022-048_Jsonxx • CWE-415: Double Free CWE-416: Use After Free •