Количество 8
Количество 8
GHSA-wpqr-jcpx-745r
Incorrect handling of invalid surrogate pair characters
CVE-2022-31116
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain characters. JSON strings that contain escaped surrogate characters not part of a proper surrogate pair were decoded incorrectly. Besides corrupting strings, this allowed for potential key confusion and value overwriting in dictionaries. All users parsing JSON from untrusted sources are vulnerable. From version 5.4.0, UltraJSON decodes lone surrogates in the same way as the standard library's `json` module does, preserving them in the parsed output. Users are advised to upgrade. There are no known workarounds for this issue.
CVE-2022-31116
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain characters. JSON strings that contain escaped surrogate characters not part of a proper surrogate pair were decoded incorrectly. Besides corrupting strings, this allowed for potential key confusion and value overwriting in dictionaries. All users parsing JSON from untrusted sources are vulnerable. From version 5.4.0, UltraJSON decodes lone surrogates in the same way as the standard library's `json` module does, preserving them in the parsed output. Users are advised to upgrade. There are no known workarounds for this issue.
CVE-2022-31116
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain characters. JSON strings that contain escaped surrogate characters not part of a proper surrogate pair were decoded incorrectly. Besides corrupting strings, this allowed for potential key confusion and value overwriting in dictionaries. All users parsing JSON from untrusted sources are vulnerable. From version 5.4.0, UltraJSON decodes lone surrogates in the same way as the standard library's `json` module does, preserving them in the parsed output. Users are advised to upgrade. There are no known workarounds for this issue.
CVE-2022-31116
UltraJSON is a fast JSON encoder and decoder written in pure C with bi ...
BDU:2022-04296
Уязвимость пакета UltraJSON языка программирования Python, позволяющая нарушителю оказать воздействие на целостность данных
SUSE-SU-2022:2673-1
Security update for python-ujson
ROS-20240827-13
Уязвимость python3-ujson
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-wpqr-jcpx-745r Incorrect handling of invalid surrogate pair characters | CVSS3: 7.5 | 0% Низкий | почти 3 года назад |
 | CVE-2022-31116 UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain characters. JSON strings that contain escaped surrogate characters not part of a proper surrogate pair were decoded incorrectly. Besides corrupting strings, this allowed for potential key confusion and value overwriting in dictionaries. All users parsing JSON from untrusted sources are vulnerable. From version 5.4.0, UltraJSON decodes lone surrogates in the same way as the standard library's `json` module does, preserving them in the parsed output. Users are advised to upgrade. There are no known workarounds for this issue. | CVSS3: 7.5 | 0% Низкий | почти 3 года назад |
 | CVE-2022-31116 UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain characters. JSON strings that contain escaped surrogate characters not part of a proper surrogate pair were decoded incorrectly. Besides corrupting strings, this allowed for potential key confusion and value overwriting in dictionaries. All users parsing JSON from untrusted sources are vulnerable. From version 5.4.0, UltraJSON decodes lone surrogates in the same way as the standard library's `json` module does, preserving them in the parsed output. Users are advised to upgrade. There are no known workarounds for this issue. | CVSS3: 7.5 | 0% Низкий | почти 3 года назад |
 | CVE-2022-31116 UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain characters. JSON strings that contain escaped surrogate characters not part of a proper surrogate pair were decoded incorrectly. Besides corrupting strings, this allowed for potential key confusion and value overwriting in dictionaries. All users parsing JSON from untrusted sources are vulnerable. From version 5.4.0, UltraJSON decodes lone surrogates in the same way as the standard library's `json` module does, preserving them in the parsed output. Users are advised to upgrade. There are no known workarounds for this issue. | CVSS3: 7.5 | 0% Низкий | почти 3 года назад |
| CVE-2022-31116 UltraJSON is a fast JSON encoder and decoder written in pure C with bi ... | CVSS3: 7.5 | 0% Низкий | почти 3 года назад |
 | BDU:2022-04296 Уязвимость пакета UltraJSON языка программирования Python, позволяющая нарушителю оказать воздействие на целостность данных | CVSS3: 9.1 | 0% Низкий | почти 3 года назад |
 | SUSE-SU-2022:2673-1 Security update for python-ujson | почти 3 года назад | ||
 | ROS-20240827-13 Уязвимость python3-ujson | CVSS3: 9.1 | 0% Низкий | 10 месяцев назад |
Уязвимостей на страницу