Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
json vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2019-19507
In jpv (aka Json Pattern Validator) prior to 2.1.1, compareCommon() can be bypassed because certain internal attributes can be overwritten via a conflicting name, as demonstrated by 'constructor': {'name':'Array'}. This affects validate(). Hence, a c...
Json Pattern Validator Project Json Pattern Validator
NA
CVE-2015-10004
Token validation methods are susceptible to a timing side-channel during HMAC comparison. With a large enough number of requests over a low latency connection, an attacker may use this to determine the expected HMAC.
Json Web Token Project Json Web Token -
383
VMScore
CVE-2022-30241
The jquery.json-viewer library up to and including 1.4.0 for Node.js does not properly escape characters such as < in a JSON object, as demonstrated by a SCRIPT element.
Jquery Json-viewer Project Jquery Json-viewer
445
VMScore
CVE-2021-31684
A vulnerability exists in the indexOf function of JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a denial of service (DOS) via a crafted web request.
Json-smart Project Json-smart-v1
Json-smart Project Json-smart-v2
Oracle Utilities Framework 4.4.0.0.0
Oracle Utilities Framework 4.4.0.2.0
Oracle Utilities Framework 4.4.0.3.0
NA
CVE-2022-42743
deep-parse-json version 1.0.2 allows an external malicious user to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the '__proto__' property to be edited.
Deep-parse-json Project Deep-parse-json 1.0.2
NA
CVE-2021-4329
A vulnerability, which was classified as critical, has been found in json-logic-js 2.0.0. Affected by this issue is some unknown functionality of the file logic.js. The manipulation leads to command injection. Upgrading to version 2.0.1 is able to address this issue. The patch is...
Json-logic-js Project Json-logic-js 2.0.0
NA
CVE-2022-41714
fastest-json-copy version 1.0.1 allows an external malicious user to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the '__proto__' property to be edited.
Fastest-json-copy Project Fastest-json-copy 1.0.1
NA
CVE-2022-45688
A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows malicious users to cause a Denial of Service (DoS) via crafted JSON or XML data.
Hutool Hutool 5.8.10
Json-java Project Json-java
10 Github repositories
NA
CVE-2022-36010
This library allows strings to be parsed as functions and stored as a specialized component, [`JsonFunctionValue`](https://github.com/oxyno-zeta/react-editable-json-tree/blob/09a0ca97835b0834ad054563e2fddc6f22bc5d8c/src/components/JsonFunctionValue.js). To do this, Javascript...
React Editable Json Tree Project React Editable Json Tree
445
VMScore
CVE-2018-1107
It exists that the is-my-json-valid JavaScript library used an inefficient regular expression to validate JSON fields defined to have email format. A specially crafted JSON file could cause it to consume an excessive amount of CPU time when validated.
Is-my-json-valid Project Is-my-json-valid
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »