python-cjson@1.0.5 vulnerabilities
Fast JSON encoder/decoder for Python
- latest version: 1.2.2
- latest non vulnerable version:
- first published: 17 years ago
- latest version published: 4 years ago
- licenses detected:
  - [0,)

Direct Vulnerabilities
Known vulnerabilities in the python-cjson package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability | Vulnerable Version |
---|---|
Dan Pascu python-cjson 1.0.5 does not properly handle a ['/'] argument to cjson.encode, which makes it easier for remote attackers to conduct certain cross-site scripting (XSS) attacks involving Firefox and the end tag of a SCRIPT element. How to fix Cross-site Scripting (XSS)? There is no fix version for | [,1.0.5] |
Affected versions of this package are vulnerable to Denial of Service (DoS) attacks. Buffer overflow in Dan Pascu python-cjson 1.0.5, when UCS-4 encoding is enabled, allows context-dependent attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors involving crafted Unicode input to the cjson.encode function. | [1.0.0,1.0.5.1) |