python-cjson@1.0.5 vulnerabilities

Fast JSON encoder/decoder for Python

Direct Vulnerabilities

Known vulnerabilities in the python-cjson package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • M
Cross-site Scripting (XSS)

Affected versions of python-cjson are vulnerable to Cross-Site Scripting (XSS) attacks.

Dan Pascu python-cjson 1.0.5 does not properly handle a ['/'] argument to cjson.encode, which makes it easier for remote attackers to conduct certain cross-site scripting (XSS) attacks involving Firefox and the end tag of a SCRIPT element.

How to fix Cross-site Scripting (XSS)?

There is no fix version for python-cjson.

Vulnerable version: [,1.0.5]
  • M
Denial of Service (DoS)

python-cjson is a fast JSON encoder/decoder for Python.

Affected versions of this package are vulnerable to Denial of Service (DoS) attacks. Buffer overflow in Dan Pascu python-cjson 1.0.5, when UCS-4 encoding is enabled, allows context-dependent attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors involving crafted Unicode input to the cjson.encode function.

Vulnerable version: [1.0.0,1.0.5.1)