Security
Headlines

Headlines Latest CVEs

Headline

GHSA-5c5f-7vfq-3732: JMESPath for Ruby using JSON.load instead of JSON.parse

jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable.

2 years ago

JMESPath for Ruby using JSON.load instead of JSON.parse

Moderate severity GitHub Reviewed Published Jun 7, 2022 • Updated Jun 7, 2022

Related news

CVE-2022-32511: What's the difference between JSON.load and JSON.parse methods of Ruby lib?

jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable.

2 years ago

ghsa: Latest News

GHSA-27wf-5967-98gx: Kubernetes kubelet arbitrary command execution

14 hours ago

GHSA-mr95-vfcf-fx9p: Apache Answer: Predictable Authorization Token Using UUIDv1

14 hours ago

GHSA-pqhp-25j4-6hq9: smol-toml has a Denial of Service via malicious TOML document using deeply nested inline tables

15 hours ago

GHSA-v5h2-q2w4-gpcx: Sentry improper error handling leaks Application Integration Client Secret

15 hours ago

GHSA-8w49-h785-mj3c: Tornado has an HTTP cookie parsing DoS vulnerability

15 hours ago