Security
Headlines

Source

ghsa

GHSA-w2rr-wvh9-m2m7: JSONUtil vulnerable to stack exhaustion

An issue was discovered in JSONUtil through 5.0 that allows attackers to cause a denial of service or other unspecified impacts via crafted objects that have deeply nested structures.

GHSA-mx27-gg24-h2jc: ph-json vulnerable to stack exhaustion

An issue was discovered in ph-json that allows attackers to cause a denial of service or other unspecified impacts via crafted objects that have deeply nested structures.

GHSA-75r3-38rh-pmxv: sojo vulnerable to stack exhaustion

An issue was discovered in sojo through 1.1.1 that allows attackers to cause a denial of service or other unspecified impacts via crafted objects that have deeply nested structures.

GHSA-779h-3r69-4f5p: json-io vulnerable to stack exhaustion

An issue was discovered in json-io through 4.14.0 that allows attackers to cause a denial of service or other unspecified impacts via crafted objects that have deeply nested structures.

GHSA-fj64-qprx-q7vq: genson vulnerable to stack exhaustion

An issue was discovered in genson through 1.6 that allows attackers to cause a denial of service or other unspecified impacts via crafted objects that have deeply nested structures.

GHSA-66gv-5m8q-rrjc: jsonij vulnerable to stack exhaustion

An issue was discovered in jmarsden/jsonij through 0.5.2 that allows attackers to cause a denial of service or other unspecified impacts via crafted objects that have deeply nested structures.

GHSA-p4c9-x742-qh8c: pbjson vulnerable to stack exhaustion

An issue was discovered in pbjson through 0.4.0 that allows attackers to cause a denial of service or other unspecified impacts via crafted objects that have deeply nested structures.

GHSA-5ghv-wxh9-7356: Jenkins Digital.ai App Management Publisher Plugin missing permission checks

Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. Additionally, these HTTP endpoints do not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.

GHSA-62v2-xwh3-5gvx: Jenkins Template Workflows Plugin vulnerable to Stored Cross-site Scripting

Jenkins Template Workflows Plugin 41.v32d86a_313b_4a and earlier does not escape names of jobs used as building blocks for Template Workflow Job. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create jobs.

GHSA-r72x-2h45-p59x: Jenkins Digital.ai App Management Publisher Plugin vulnerable to Cross-Site Request Forgery

Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. Additionally, these HTTP endpoints do not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.