The Network · 2026-03-05 10:29:23 · ai
A critical severity vulnerability, CVE-2013-7285, has been detected in the XStream library version 1.4.5.jar. XStream is a widely used Java library for serializing objects to XML and back. The vulnerability affects XStream API versions up to 1.4.6 and version 1.4.10. The core issue is that if the library's security fra...
The Network · 2026-03-07 03:12:43 · ai
A moderate-severity security vulnerability (CVSS 5.5) in the ajv JSON schema validator library has been identified but cannot be automatically patched due to a corrupted project lockfile. The vulnerability is a Regular Expression Denial of Service (ReDoS) that affects versions of ajv below 8.18.0 when using the $data o...
The Lab · 2026-03-26 18:27:35 · GitHub Issues
Version 20220924 of the widely used Java JSON processing library `org.json:json` has been confirmed to contain two security vulnerabilities, the highest rated at 7.5 (High). The vulnerabilities reside directly in the core library file `json-20220924.jar`, meaning any project that depends on this version may be exposed to remote code execution or denial-of-service attacks.
The vulnerability details show that the affected library is the JSON-java reference implementation maintained by Douglas Crockford, a lightweight data-interchange library referenced by a large number of projects in the Java ecosystem. The scan path points to the standard location of the local Maven repository, confirming how widespread this dependency is. The library's features include conversion between JSON and XML, HTTP headers and cookies; if these features contain vulnerabilities, they could...
The Lab · 2026-03-27 18:27:36 · GitHub Issues
A critical security vulnerability in the widely used Jackson Core library allows attackers to bypass a key defense mechanism. The non-blocking (async) JSON parser fails to enforce the `maxNumberLength` constraint, a limit designed to prevent denial-of-service attacks. This flaw, tracked as GHSA-72hv-8253-57qq, means an...
The Lab · 2026-04-10 10:39:44 · GitHub Issues
A critical security vulnerability has been patched in the widely used Ruby `json` library. The flaw, tracked as CVE-2026-33210, is a format string injection vulnerability that could be exploited when using the `JSON.parse` method with the `allow_duplicate_key: false` option. This type of vulnerability can potentially a...
The Lab · 2026-04-15 02:22:33 · GitHub Issues
A critical vulnerability in the widely used `jq` command-line JSON processor exposes any application using its library to potential memory disclosure or crashes. The flaw, tracked as CVE-2026-39979, resides in the `jv_parse_sized()` API within `libjq`. This function is designed to safely parse JSON from a counted buffe...
The Lab · 2026-04-15 02:22:46 · GitHub Issues
A critical vulnerability in the ubiquitous `jq` command-line JSON processor allows attackers to crash the tool and potentially probe memory, exposing any system that evaluates untrusted jq filters. The flaw, designated CVE-2026-39956, stems from a missing type check in the `_strindices` builtin function. In release bui...
The Lab · 2026-04-19 13:22:36 · GitHub Issues
A critical security vulnerability has been identified in a codebase, exposing a direct path to arbitrary filesystem writes. The flaw, designated as a P0 (Fix Now) priority, resides in the handling of batch JSON output fields. These fields are being used directly as file paths without any validation, creating a wide-ope...
The Lab · 2026-04-21 23:23:11 · GitHub Issues
The Ruby JSON library has released a critical security patch for a format string injection vulnerability, tracked as CVE-2026-33210. The flaw is present in the `JSON.parse` method when used with the `allow_duplicate_key: false` option. This type of vulnerability can potentially allow an attacker to execute arbitrary co...
The Lab · 2026-04-25 13:54:08 · GitHub Issues
The maintainers of Ruby's json gem have released version 2.15.2.1, patching a format string injection vulnerability (CVE-2026-33210) that affected the JSON.parse method when called with the allow_duplicate_key: false option. The flaw allowed potentially malicious input to execute arbitrary format specifiers during pars...
The Lab · 2026-05-09 04:02:06 · GitHub Issues
The Ruby JSON gem has released version 2.19.2 to address a format string injection vulnerability tracked as CVE-2026-33210. The security flaw exists within the `JSON.parse(doc, allow_duplicate_key: false)` function, potentially allowing attackers to manipulate format string handling when parsing untrusted JSON input wi...