Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
json vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2018-1107
It exists that the is-my-json-valid JavaScript library used an inefficient regular expression to validate JSON fields defined to have email format. A specially crafted JSON file could cause it to consume an excessive amount of CPU time when validated.
Is-my-json-valid Project Is-my-json-valid
5
CVSSv2
CVE-2019-18848
The json-jwt gem prior to 1.11.0 for Ruby lacks an element count during the splitting of a JWE string.
Json-jwt Project Json-jwt
Debian Debian Linux 9.0
7.5
CVSSv2
CVE-2021-3918
json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Json-schema Project Json-schema
Debian Debian Linux 10.0
3 Github repositories
NA
CVE-2023-27849
rails-routes-to-json v1.0.0 exists to contain a remote code execution (RCE) vulnerability via the child_process function.
Rails-routes-to-json Project Rails-routes-to-json 1.0.0
6.8
CVSSv2
CVE-2016-10610
unicode-json is a unicode lookup table. unicode-json prior to 2.0.0 downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.
Unicode Unicode-json
5
CVSSv2
CVE-2018-18853
Lightbend Spray spray-json up to and including 1.3.4 allows remote malicious users to cause a denial of service (resource consumption) because of Algorithmic Complexity during the parsing of a field composed of many decimal digits.
Lightbend Spray-json
5
CVSSv2
CVE-2018-18854
Lightbend Spray spray-json up to and including 1.3.4 allows remote malicious users to cause a denial of service (resource consumption) because of Algorithmic Complexity during the parsing of many JSON object fields (with keys that have the same hash code).
Lightbend Spray-json
7.5
CVSSv2
CVE-2021-23899
OWASP json-sanitizer prior to 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an malicious user to inject arbitrary HTML or XML into embedding documents.
Owasp Json-sanitizer
1 Github repository
5
CVSSv2
CVE-2021-23900
OWASP json-sanitizer prior to 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. This may lead to denial of service if the application is not prepared to handle these situations.
Owasp Json-sanitizer
6.5
CVSSv2
CVE-2020-7709
This affects the package json-pointer prior to 0.6.1. Multiple reference of object using slash is supported.
Smallpdf Json-pointer
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »