Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
json project json vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2020-7965
flaskparser.py in Webargs 5.x up to and including 5.5.2 doesn't check that the Content-Type header is application/json when receiving JSON input. If the request body is valid JSON, it will accept it even if the content type is application/x-www-form-urlencoded. This allows f...
Webargs Project Webargs
8.1
CVSSv3
CVE-2019-9710
An issue exists in webargs prior to 5.1.3, as used with marshmallow and other products. JSON parsing uses a short-lived cache to store the parsed JSON body. This cache is not thread-safe, meaning that incorrect JSON payloads could have been parsed for concurrent requests.
Webargs Project Webargs
7.5
CVSSv3
CVE-2020-35380
GJSON prior to 1.6.4 allows malicious users to cause a denial of service via crafted JSON.
Gjson Project Gjson
7.5
CVSSv3
CVE-2020-36066
GJSON <1.6.5 allows malicious users to cause a denial of service (remote) via crafted JSON.
Gjson Project Gjson
7.5
CVSSv3
CVE-2022-31116
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain characters. JSON strings that contain escaped surrogate characters not part of a proper surrogate pair were decoded incorrectly....
Ultrajson Project Ultrajson
Fedoraproject Fedora 35
Fedoraproject Fedora 36
8.8
CVSSv3
CVE-2021-31590
PwnDoc all versions until 0.4.0 (2021-08-23) has incorrect JSON Webtoken handling, leading to incorrect access control. With a valid JSON Webtoken that is used for authentication and authorization, a user can keep his admin privileges even if he is downgraded to the "user&qu...
Pwndoc Project Pwndoc
9.4
CVSSv3
CVE-2024-0964
A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request.
Gradio Project Gradio -
1 Github repository
9.8
CVSSv3
CVE-2019-12966
FeHelper through 2019-06-19 allows arbitrary code execution during a JSON format operation, as demonstrated by the {"a":(function(){confirm(1)})()} input.
Fehelper Project Fehelper
4.8
CVSSv3
CVE-2015-3161
The search bar code in bkr/server/widgets.py in Beaker prior to 20.1 does not escape </script> tags in string literals when producing JSON.
Beaker-project Beaker
5.3
CVSSv3
CVE-2023-0842
xml2js version 0.4.23 allows an external malicious user to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the __proto__ property to be edited.
Xml2js Project Xml2js 0.4.23
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »