← Back

Json++

json++

Vendor: Json++ Project • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-10663
5Apple
DebianFedoraproject+2 more
5Debian Linux
FedoraJson+++2 more
Nov 21, 2024
Apr 28, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on...Show more
The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent.Show less
CVE-2018-17072
1Json++ Project
1Json++
Nov 21, 2024
Sep 16, 2018
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
JSON++ through 2016-06-15 has a buffer over-read in yyparse() in json.y.