CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51774
https://notcve.org/view.php?id=CVE-2023-51774
25 Dec 2023 — The json-jwt (aka JSON::JWT) gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode. La gema json-jwt (también conocida como JSON::JWT) 1.16.3 para Ruby a veces permite eludir los controles de identidad mediante un ataque de confusión de signo/cifrado. Por ejemplo, a veces se puede utilizar JWE para omitir JSON::JWT.decode. • https://github.com/P3ngu1nW/CVE_Request/blob/main/novjson-jwt.md • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5072 – DoS Vulnerability in JSON-Java
https://notcve.org/view.php?id=CVE-2023-5072
12 Oct 2023 — Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used. Denegación de Servicio (DoS) en versiones JSON-Java hasta 20230618 incluida. Un error en el analizador significa que una cadena de entrada de tamaño modesto puede provocar el uso de cantidades indefinidas de memoria. A flaw was found in the org.json package. • http://www.openwall.com/lists/oss-security/2023/12/13/4 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2021-32292 – Ubuntu Security Notice USN-6310-1
https://notcve.org/view.php?id=CVE-2021-32292
22 Aug 2023 — An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) through 0.15-20200726. A stack-buffer-overflow exists in the auxiliary sample program json_parse which is located in the function parseit. Se descubrió un problema en json-c desde 20200420 (post 0.14 código no publicado) hasta 0.15-20200726. Existe un Desbordamiento de Búfer en el programa de ejemplo auxiliar json_parse que se encuentra en el análisis de funciones. It was discovered that json-c incorrectly handled certain JSON files... • https://github.com/json-c/json-c/issues/654 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-34610
https://notcve.org/view.php?id=CVE-2023-34610
14 Jun 2023 — An issue was discovered json-io thru 4.14.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. • https://github.com/jdereg/json-io/issues/169 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-34612
https://notcve.org/view.php?id=CVE-2023-34612
14 Jun 2023 — An issue was discovered ph-json thru 9.5.5 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. • https://github.com/phax/ph-commons/issues/35 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 3%CPEs: 1EXPL: 1CVE-2023-27849
https://notcve.org/view.php?id=CVE-2023-27849
24 Apr 2023 — rails-routes-to-json v1.0.0 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function. • https://github.com/omnitaint/Vulnerability-Reports/blob/2211ea4712f24d20b7f223fb737910fdfb041edb/reports/rails-routes-to-json/report.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1370 – Stack exhaustion in json-smart leads to denial of service when parsing malformed JSON
https://notcve.org/view.php?id=CVE-2023-1370
13 Mar 2023 — [Json-smart](https://netplex.github.io/json-smart/) is a performance focused, JSON processor lib. When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software. A flaw was found in the json-smart package. • https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633 • CWE-674: Uncontrolled Recursion •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-4329 – json-logic-js logic.js command injection
https://notcve.org/view.php?id=CVE-2021-4329
05 Mar 2023 — A vulnerability, which was classified as critical, has been found in json-logic-js 2.0.0. Affected by this issue is some unknown functionality of the file logic.js. The manipulation leads to command injection. Upgrading to version 2.0.1 is able to address this issue. The patch is identified as c1dd82f5b15d8a553bb7a0cfa841ab8a11a9c227. • https://github.com/jwadhams/json-logic-js/commit/c1dd82f5b15d8a553bb7a0cfa841ab8a11a9c227 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-45491
https://notcve.org/view.php?id=CVE-2022-45491
03 Feb 2023 — Buffer overflow vulnerability in function json_parse_value in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to code arbitrary code and gain escalated privileges. • https://github.com/hyrathon/trophies/security/advisories/GHSA-55fm-gm4m-3v3j • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-45492
https://notcve.org/view.php?id=CVE-2022-45492
03 Feb 2023 — Buffer overflow vulnerability in function json_parse_number in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to code arbitrary code and gain escalated privileges. • https://github.com/hyrathon/trophies/security/advisories/GHSA-r9wh-hxqh-3xq7 • CWE-787: Out-of-bounds Write •