Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
json project vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-4742
A vulnerability, which was classified as critical, has been found in json-pointer up to 0.6.1. Affected by this issue is the function set of the file index.js. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution...
Json-pointer Project Json-pointer
NA
CVE-2022-43996
The csaf_provider package prior to 0.8.2 allows XSS via a crafted CSAF document uploaded as text/html. The endpoint upload allows valid CSAF advisories (JSON format) to be uploaded with Content-Type text/html and filenames ending in .html. When subsequently accessed via web brows...
Csaf Provider Project Csaf Provider
NA
CVE-2022-45685
A stack overflow in Jettison before v1.5.2 allows malicious users to cause a Denial of Service (DoS) via crafted JSON data.
Jettison Project Jettison
Debian Debian Linux 10.0
Debian Debian Linux 11.0
NA
CVE-2022-45688
A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows malicious users to cause a Denial of Service (DoS) via crafted JSON or XML data.
Hutool Hutool 5.8.10
Json-java Project Json-java
10 Github repositories
NA
CVE-2022-45693
Jettison before v1.5.2 exists to contain a stack overflow via the map parameter. This vulnerability allows malicious users to cause a Denial of Service (DoS) via a crafted string.
Jettison Project Jettison
Debian Debian Linux 10.0
Debian Debian Linux 11.0
NA
CVE-2022-3880
The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan WordPress plugin prior to 4.20 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate ar...
Antihacker Project Antihacker
NA
CVE-2022-42743
deep-parse-json version 1.0.2 allows an external malicious user to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the '__proto__' property to be edited.
Deep-parse-json Project Deep-parse-json 1.0.2
NA
CVE-2022-41713
deep-object-diff version 1.1.0 allows an external malicious user to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the '__proto__' property to be edited.
Deep-object-diff Project Deep-object-diff 1.1.0
NA
CVE-2022-41714
fastest-json-copy version 1.0.1 allows an external malicious user to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the '__proto__' property to be edited.
Fastest-json-copy Project Fastest-json-copy 1.0.1
NA
CVE-2022-39227
python-jwt is a module for generating and verifying JSON Web Tokens. Versions before 3.3.4 are subject to Authentication Bypass by Spoofing, resulting in identity spoofing, session hijacking or authentication bypass. An attacker who obtains a JWT can arbitrarily forge its content...
Python-jwt Project Python-jwt
3 Github repositories
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »