Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
json vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-23459
Jsonxx or Json++ is a JSON parser, writer and reader written in C++. In affected versions of jsonxx use of the Value class may lead to memory corruption via a double free or via a use after free. The value class has a default assignment operator which may be used with pointer typ...
Json\\+\\+ Project Json\\+\\+ 1.0.0
Json\\+\\+ Project Json\\+\\+ 1.0.1
7.5
CVSSv3
CVE-2022-23460
Jsonxx or Json++ is a JSON parser, writer and reader written in C++. In affected versions of jsonxx json parsing may lead to stack exhaustion in an address sanitized (ASAN) build. This issue may lead to Denial of Service if the program using the jsonxx library crashes. This issue...
Json\\+\\+ Project Json\\+\\+ 1.0.0
Json\\+\\+ Project Json\\+\\+ 1.0.1
NA
CVE-2013-0269
The JSON gem prior to 1.5.5, 1.6.x prior to 1.6.8, and 1.7.x prior to 1.7.7 for Ruby allows remote malicious users to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbi...
Rubygems Json Gem 1.7.1
Rubygems Json Gem 1.7.0
Rubygems Json Gem 1.6.1
Rubygems Json Gem 1.6.0
Rubygems Json Gem 1.7.6
Rubygems Json Gem 1.7.5
Rubygems Json Gem 1.6.5
Rubygems Json Gem 1.6.4
Rubygems Json Gem 1.5.2
Rubygems Json Gem 1.5.1
Rubygems Json Gem 1.7.4
Rubygems Json Gem 1.7.3
Rubygems Json Gem 1.7.2
Rubygems Json Gem 1.6.3
Rubygems Json Gem 1.6.2
Rubygems Json Gem 1.5.0
Rubygems Json Gem 1.6.7
Rubygems Json Gem 1.6.6
Rubygems Json Gem 1.5.4
Rubygems Json Gem 1.5.3
1 Github repository
9.8
CVSSv3
CVE-2018-17072
JSON++ through 2016-06-15 has a buffer over-read in yyparse() in json.y.
Json\\+\\+ Project Json\\+\\+
9.8
CVSSv3
CVE-2016-20001
The REST/JSON project 7.x-1.x for Drupal allows node access bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy.
Rest\\/json Project Rest\\/json
9.8
CVSSv3
CVE-2016-20004
The REST/JSON project 7.x-1.x for Drupal allows field access bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy.
Rest\\/json Project Rest\\/json
7.5
CVSSv3
CVE-2016-20007
The REST/JSON project 7.x-1.x for Drupal allows session name guessing, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy.
Rest\\/json Project Rest\\/json
5.3
CVSSv3
CVE-2018-1000539
Nov json-jwt version >= 0.5.0 && < 1.9.4 contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability in Decryption of AES-GCM encrypted JSON Web Tokens that can result in Attacker can forge a authentication tag. This attack appear to be exploi...
Json-jwt Project Json-jwt
1 Github repository
9.8
CVSSv3
CVE-2020-7766
This affects all versions of package json-ptr. The issue occurs in the set operation (https://flitbit.github.io/json-ptr/classes/_src_pointer_.jsonpointer.htmlset) when the force flag is set to true. The function recursively set the property in the target object, however it does ...
Json-ptr Project Json-ptr
9.8
CVSSv3
CVE-2022-4742
A vulnerability, which was classified as critical, has been found in json-pointer up to 0.6.1. Affected by this issue is the function set of the file index.js. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution...
Json-pointer Project Json-pointer
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »