RSS   Podatności dla 'Python-cjson'   RSS

2010-07-02
 
CVE-2010-1666

CWE-119
 

 
Buffer overflow in Dan Pascu python-cjson 1.0.5, when UCS-4 encoding is enabled, allows context-dependent attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors involving crafted Unicode input to the cjson.encode function.

 
 
CVE-2009-4924

CWE-79
 

 
Dan Pascu python-cjson 1.0.5 does not properly handle a ['/'] argument to cjson.encode, which makes it easier for remote attackers to conduct certain cross-site scripting (XSS) attacks involving Firefox and the end tag of a SCRIPT element.

 


Copyright 2024, cxsecurity.com

 

Back to Top