Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
json project json vulnerabilities and exploits
(subscribe to this query)
605
VMScore
CVE-2020-7965
flaskparser.py in Webargs 5.x up to and including 5.5.2 doesn't check that the Content-Type header is application/json when receiving JSON input. If the request body is valid JSON, it will accept it even if the content type is application/x-www-form-urlencoded. This allows f...
Webargs Project Webargs
605
VMScore
CVE-2019-9710
An issue exists in webargs prior to 5.1.3, as used with marshmallow and other products. JSON parsing uses a short-lived cache to store the parsed JSON body. This cache is not thread-safe, meaning that incorrect JSON payloads could have been parsed for concurrent requests.
Webargs Project Webargs
445
VMScore
CVE-2020-36066
GJSON <1.6.5 allows malicious users to cause a denial of service (remote) via crafted JSON.
Gjson Project Gjson
445
VMScore
CVE-2020-35380
GJSON prior to 1.6.4 allows malicious users to cause a denial of service via crafted JSON.
Gjson Project Gjson
445
VMScore
CVE-2022-31116
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain characters. JSON strings that contain escaped surrogate characters not part of a proper surrogate pair were decoded incorrectly....
Ultrajson Project Ultrajson
Fedoraproject Fedora 35
Fedoraproject Fedora 36
801
VMScore
CVE-2021-31590
PwnDoc all versions until 0.4.0 (2021-08-23) has incorrect JSON Webtoken handling, leading to incorrect access control. With a valid JSON Webtoken that is used for authentication and authorization, a user can keep his admin privileges even if he is downgraded to the "user&qu...
Pwndoc Project Pwndoc
NA
CVE-2024-0964
A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request.
Gradio Project Gradio -
1 Github repository
668
VMScore
CVE-2019-12966
FeHelper through 2019-06-19 allows arbitrary code execution during a JSON format operation, as demonstrated by the {"a":(function(){confirm(1)})()} input.
Fehelper Project Fehelper
312
VMScore
CVE-2015-3161
The search bar code in bkr/server/widgets.py in Beaker prior to 20.1 does not escape </script> tags in string literals when producing JSON.
Beaker-project Beaker
NA
CVE-2023-0842
xml2js version 0.4.23 allows an external malicious user to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the __proto__ property to be edited.
Xml2js Project Xml2js 0.4.23
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »