Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
json project vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-43996
The csaf_provider package prior to 0.8.2 allows XSS via a crafted CSAF document uploaded as text/html. The endpoint upload allows valid CSAF advisories (JSON format) to be uploaded with Content-Type text/html and filenames ending in .html. When subsequently accessed via web brows...
Csaf Provider Project Csaf Provider
NA
CVE-2022-45685
A stack overflow in Jettison before v1.5.2 allows malicious users to cause a Denial of Service (DoS) via crafted JSON data.
Jettison Project Jettison
Debian Debian Linux 10.0
Debian Debian Linux 11.0
NA
CVE-2022-45693
Jettison before v1.5.2 exists to contain a stack overflow via the map parameter. This vulnerability allows malicious users to cause a Denial of Service (DoS) via a crafted string.
Jettison Project Jettison
Debian Debian Linux 10.0
Debian Debian Linux 11.0
NA
CVE-2022-45688
A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows malicious users to cause a Denial of Service (DoS) via crafted JSON or XML data.
Hutool Hutool 5.8.10
Json-java Project Json-java
10 Github repositories
NA
CVE-2022-3880
The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan WordPress plugin prior to 4.20 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate ar...
Antihacker Project Antihacker
NA
CVE-2022-41713
deep-object-diff version 1.1.0 allows an external malicious user to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the '__proto__' property to be edited.
Deep-object-diff Project Deep-object-diff 1.1.0
NA
CVE-2022-41714
fastest-json-copy version 1.0.1 allows an external malicious user to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the '__proto__' property to be edited.
Fastest-json-copy Project Fastest-json-copy 1.0.1
NA
CVE-2022-42743
deep-parse-json version 1.0.2 allows an external malicious user to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the '__proto__' property to be edited.
Deep-parse-json Project Deep-parse-json 1.0.2
NA
CVE-2022-39227
python-jwt is a module for generating and verifying JSON Web Tokens. Versions before 3.3.4 are subject to Authentication Bypass by Spoofing, resulting in identity spoofing, session hijacking or authentication bypass. An attacker who obtains a JWT can arbitrarily forge its content...
Python-jwt Project Python-jwt
3 Github repositories
NA
CVE-2022-38882
The d8s-json for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.
D8s-json Project D8s-json 0.1.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »