ujson
PyPI: 3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting ujson
- CVE-2021-45958 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 5.1.0 | 2022-01-01
vulnerable: 4.0.2, 4.1.0, 4.2.0, 4.3.0, 5.0.0
UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation.
- CVE-2022-31116 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 5.4.0 | 2022-07-05
vulnerable: 1.15 ... 5.3.0 (31 versions)
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain characters. JSON strings that contain escaped surrogate characters not part of a proper…
- CVE-2022-31117 | MEDIUM | CVSS 5.9 | EG 5.9 | ✓ Fixed in 5.4.0 | 2022-07-05
vulnerable: 1.15 ... 5.3.0 (31 versions)
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how…