CVE-2026-54911
- EPSS 0.27%
- Veröffentlicht 22.06.2026 20:53:07
- Zuletzt bearbeitet 26.06.2026 20:10:54
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.13.0, ujson.dumps() (or ujson.dump() or ujson.encode()) have a reject_bytes=False option. When set, they may accept malformed or truncated UTF-8 ...
CVE-2026-44660
- EPSS 0.42%
- Veröffentlicht 27.05.2026 20:42:59
- Zuletzt bearbeitet 02.06.2026 18:00:03
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.12.1, when ujson.dump() writes to a file-like object and the write operation raises an exception, the serialized JSON string object is not decrem...
CVE-2026-32874
- EPSS 0.48%
- Veröffentlicht 20.03.2026 02:16:35
- Zuletzt bearbeitet 30.06.2026 03:18:34
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Versions 5.4.0 through 5.11.0 contain an accumulating memory leak in JSON parsing large (outside of the range [-2^63, 2^64 - 1]) integers. The leaked memory...
CVE-2026-32875
- EPSS 0.47%
- Veröffentlicht 20.03.2026 02:16:35
- Zuletzt bearbeitet 30.06.2026 03:18:34
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Versions 5.10 through 5.11.0 are vulnerable to buffer overflow or infinite loop through large indent handling. ujson.dumps() crashes the Python interpreter ...
CVE-2022-31116
- EPSS 2.28%
- Veröffentlicht 05.07.2022 18:15:08
- Zuletzt bearbeitet 21.11.2024 07:03:55
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain characters. JSON strings that contain escaped surrogate characters not part of a proper surrogate ...
CVE-2022-31117
- EPSS 1.68%
- Veröffentlicht 05.07.2022 18:15:08
- Zuletzt bearbeitet 21.11.2024 07:03:55
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON ...
CVE-2021-45958
- EPSS 1.55%
- Veröffentlicht 01.01.2022 00:15:08
- Zuletzt bearbeitet 21.11.2024 06:33:22
UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation.