python-cjson@1.0.3 vulnerabilities

Fast JSON encoder/decoder for Python

  • latest version

    1.2.2

  • latest non vulnerable version

  • first published

    18 years ago

  • latest version published

    4 years ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the python-cjson package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • M
    Cross-site Scripting (XSS)

    Affected versions of python-cjson are vulnerable to Cross-Site Scripting (XSS) attacks.

    Dan Pascu python-cjson 1.0.5 does not properly handle a ['/'] argument to cjson.encode, which makes it easier for remote attackers to conduct certain cross-site scripting (XSS) attacks involving Firefox and the end tag of a SCRIPT element.

    How to fix Cross-site Scripting (XSS)?

    There is no fix version for python-cjson.

    [,1.0.5]
    • M
    Denial of Service (DoS)

    python-cjson is a fast JSON encoder/decoder for Python.

    Affected versions of this package are vulnerable to Denial of Service (DoS) attacks. Buffer overflow in Dan Pascu python-cjson 1.0.5, when UCS-4 encoding is enabled, allows context-dependent attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors involving crafted Unicode input to the cjson.encode function.

    [1.0.0,1.0.5.1)