Security vulnerabilities and automated fixes for json parsing issues
2 posts found
A critical buffer overflow vulnerability was discovered and patched in the popular OJ Ruby JSON library's fast.c parser, where an unbounded strcpy call allowed attacker-controlled JSON input to overwrite adjacent memory. Left unpatched, this classic CWE-120 flaw could enable arbitrary code execution in any application parsing untrusted JSON with the affected library. The fix eliminates the unsafe copy operation, closing a potential remote code execution vector that affected countless Ruby applic
A medium-severity vulnerability in file import functionality left applications vulnerable to Denial of Service (DoS) attacks through maliciously crafted files. By exploiting missing resource limits and validation checks, attackers could exhaust server memory with deeply nested JSON or oversized files, potentially bringing down entire services.