CVE-2022-42743: GitHub - sibu-github/deep-parse-json: Javascript function which recursively parses stringified json

deep-parse-json version 1.0.2 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the `__proto__` property to be edited.


deep-parse-json

Recursively parses a stringified JSON value and returns a JavaScript object

Usage

  npm install --save deep-parse-json
  or
  yarn add deep-parse-json


  const { deepParseJson } = require('deep-parse-json')
  const stringified = '{"personList":"[{\\"name\\":\\"siba\\"},{\\"name\\":\\"bhaskar\\"}]"}'
  console.log(deepParseJson(stringified))
  // { personList: [ { name: 'siba' }, { name: 'bhaskar' } ] }

Related news

GHSA-ff9j-pwxg-q5p2: deep-parse-json vulnerable to Prototype Pollution

deep-parse-json version 1.0.2 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the `__proto__` property to be edited.
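
A hardened recursive parse that drops prototype-reaching keys, shown next to the unsafe key-assignment pattern the advisory describes. This is an added example, not code from deep-parse-json; `naiveCopy`, `safeDeepParse`, `BLOCKED_KEYS` and the sample input are hypothetical names and constructed data.

```javascript
// Added example, not deep-parse-json's code.
// Keys that can reach an object's prototype chain.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Unsafe pattern for contrast: plain assignment of an untrusted key.
// Assigning to '__proto__' on a normal object replaces its prototype.
function naiveCopy(src) {
  const out = {};
  for (const key of Object.keys(src)) out[key] = src[key];
  return out;
}

// Hardened recursive parse: nested JSON strings are expanded, blocked keys dropped.
function safeDeepParse(value, depth = 0) {
  if (depth > 32) throw new RangeError('input nested too deeply');
  if (typeof value === 'string') {
    let parsed;
    try {
      parsed = JSON.parse(value);
    } catch (err) {
      return value; // not JSON: keep the string unchanged
    }
    // Strings that decode to a number, boolean or null stay strings.
    const container = parsed !== null && typeof parsed === 'object';
    return container || typeof parsed === 'string'
      ? safeDeepParse(parsed, depth + 1)
      : value;
  }
  if (Array.isArray(value)) return value.map((v) => safeDeepParse(v, depth + 1));
  if (value !== null && typeof value === 'object') {
    const out = {};
    for (const [key, child] of Object.entries(value)) {
      if (BLOCKED_KEYS.has(key)) continue; // never copy prototype-reaching keys
      out[key] = safeDeepParse(child, depth + 1);
    }
    return out;
  }
  return value;
}

// Constructed sample input: a nested JSON string carrying a __proto__ key.
const sample = '{"user":"{\\"name\\":\\"siba\\",\\"__proto__\\":{\\"polluted\\":true}}"}';
console.log(safeDeepParse(sample));
```

Dropping `constructor` and `prototype` also discards legitimate data fields with those names; building the result with `Object.create(null)` is an alternative when such keys must be preserved.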
