Skip to main content

Json

6 CVEs product

Monthly

CVE-2026-54696 LOW Monitor

Heap buffer overflow in the Ruby JSON gem's streaming generator (versions 2.9.0-2.19.8) enables reliable process crash via attacker-controlled serialized data. When applications invoke `JSON.dump(obj, io)` or `JSON::State#generate(obj, io)` to stream JSON to an IO object, the C-level generator can write past its internal buffer if the serialized object contains a string near 16 KB in size. Impact is confined to denial of service - reliable process termination - with no evidence of confidentiality or integrity impact. No public exploit code and no CISA KEV listing are identified at time of analysis; the CVSS score of 3.7 (Low) appropriately reflects the constrained attack conditions.

Heap Overflow Denial Of Service Buffer Overflow Json
NVD GitHub
CVSS 3.1
3.7
EPSS
0.3%
CVE-2022-23460 HIGH This Week

Jsonxx or Json++ is a JSON parser, writer and reader written in C++. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Stack Overflow Buffer Overflow Json
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-23459 CRITICAL Act Now

Jsonxx or Json++ is a JSON parser, writer and reader written in C++. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Json
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2020-7712 LIB HIGH POC PATCH This Week

This affects the package json before 10.0.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Json Commerce Guided Search Financial Services Crime And Compliance Management Studio Financial Services Regulatory Reporting With Agilereporter +1
NVD GitHub
CVSS 3.1
7.2
EPSS
3.7%
CVE-2020-10663 Ruby HIGH PATCH This Week

The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Json Fedora Leap Debian Linux +1
NVD
CVSS 3.1
7.5
EPSS
6.8%
CVE-2018-17072 CRITICAL Act Now

JSON++ through 2016-06-15 has a buffer over-read in yyparse() in json.y. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Json
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
EPSS 0% CVSS 3.7
LOW Monitor

Heap buffer overflow in the Ruby JSON gem's streaming generator (versions 2.9.0-2.19.8) enables reliable process crash via attacker-controlled serialized data. When applications invoke `JSON.dump(obj, io)` or `JSON::State#generate(obj, io)` to stream JSON to an IO object, the C-level generator can write past its internal buffer if the serialized object contains a string near 16 KB in size. Impact is confined to denial of service - reliable process termination - with no evidence of confidentiality or integrity impact. No public exploit code and no CISA KEV listing are identified at time of analysis; the CVSS score of 3.7 (Low) appropriately reflects the constrained attack conditions.

Heap Overflow Denial Of Service Buffer Overflow +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

Jsonxx or Json++ is a JSON parser, writer and reader written in C++. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Stack Overflow Buffer Overflow +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

Jsonxx or Json++ is a JSON parser, writer and reader written in C++. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Json
NVD GitHub
EPSS 4% CVSS 7.2
HIGH POC PATCH This Week

This affects the package json before 10.0.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Json Commerce Guided Search +3
NVD GitHub
EPSS 7% CVSS 7.5
HIGH PATCH This Week

The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Json Fedora +3
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

JSON++ through 2016-06-15 has a buffer over-read in yyparse() in json.y. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Json
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy