139 Total Results
Displaying 31-40 of 139
Attacker Value
Unknown

CVE-2023-3040

Disclosure Date: June 14, 2023 (last updated February 25, 2025)
A debug function in the lua-resty-json package, up to commit id 3ef9492bd3a44d9e51301d6adc3cd1789c8f534a (merged in PR #14) contained an out of bounds access bug that could have allowed an attacker to launch a DoS if the function was used to parse untrusted input data. It is important to note that because this debug function was only used in tests and demos, it was not exploitable in a normal environment.
Attacker Value
Unknown

CVE-2022-47937

Disclosure Date: May 15, 2023 (last updated February 24, 2025)
Improper input validation in the Apache Sling Commons JSON bundle allows an attacker to trigger unexpected errors by supplying specially-crafted input. The org.apache.sling.commons.json bundle has been deprecated as of March 2017 and should not be used anymore. Consumers are encouraged to consider the Apache Sling Commons Johnzon OSGi bundle provided by the Apache Sling project, but may of course use other JSON libraries.
Attacker Value
Unknown

CVE-2023-25485

Disclosure Date: April 25, 2023 (last updated February 24, 2025)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bernhard Kux JSON Content Importer plugin <= 1.3.15 versions.
Attacker Value
Unknown

CVE-2023-27849

Disclosure Date: April 24, 2023 (last updated February 24, 2025)
rails-routes-to-json v1.0.0 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function.
Attacker Value
Unknown

CVE-2023-1370

Disclosure Date: March 22, 2023 (last updated February 24, 2025)
[Json-smart](https://netplex.github.io/json-smart/) is a performance-focused JSON processor library. When reaching a '[' or '{' character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software.
Attacker Value
Unknown

CVE-2021-4329

Disclosure Date: March 05, 2023 (last updated February 24, 2025)
A vulnerability, which was classified as critical, has been found in json-logic-js 2.0.0. Affected by this issue is some unknown functionality of the file logic.js. The manipulation leads to command injection. Upgrading to version 2.0.1 is able to address this issue. The patch is identified as c1dd82f5b15d8a553bb7a0cfa841ab8a11a9c227. It is recommended to upgrade the affected component. VDB-222266 is the identifier assigned to this vulnerability.
Attacker Value
Unknown

CVE-2022-4666

Disclosure Date: February 21, 2023 (last updated October 08, 2023)
The Markup (JSON-LD) structured in schema.org WordPress plugin through 4.8.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Attacker Value
Unknown

CVE-2023-23088

Disclosure Date: February 03, 2023 (last updated February 24, 2025)
Buffer overflow vulnerability in Barenboim json-parser master and v1.1.0, fixed in v1.1.1, allows an attacker to execute arbitrary code via the json_value_parse function.
Attacker Value
Unknown

CVE-2023-23087

Disclosure Date: February 03, 2023 (last updated February 24, 2025)
An issue found in MojoJson v1.2.3 allows attackers to execute arbitrary code via the destroy function.
Attacker Value
Unknown

CVE-2023-23086

Disclosure Date: February 03, 2023 (last updated February 24, 2025)
Buffer overflow vulnerability in MojoJson v1.2.3 allows an attacker to execute arbitrary code via the SkipString function.
