Safety CI > spacemanspiff2007/HABApp

Develop

3 years, 5 months ago

56fe6584

buffer is read from config

ujson 5.1.0 has known security vulnerabilities.

Package	Installed	Affected	Info
ujson	5.1.0	<=5.1.0	show UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation.
ujson	5.1.0	<5.4.0	show Ujson 5.4.0 includes a fix for CVE-2022-31116: Incorrect handling of invalid surrogate pair characters. https://github.com/ultrajson/ultrajson/security/advisories/GHSA-wpqr-jcpx-745r
ujson	5.1.0	<5.4.0	show Ujson 5.4.0 includes a fix for CVE-2022-31117: In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python. https://github.com/ultrajson/ultrajson/security/advisories/GHSA-fm67-cv37-96ff

Package

Installed

Affected

Info

ujson

5.1.0

<=5.1.0

show

UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation.

ujson

5.1.0

<5.4.0

show

Ujson 5.4.0 includes a fix for CVE-2022-31116: Incorrect handling of invalid surrogate pair characters.
https://github.com/ultrajson/ultrajson/security/advisories/GHSA-wpqr-jcpx-745r

ujson

5.1.0

<5.4.0

show

Ujson 5.4.0 includes a fix for CVE-2022-31117: In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python.
https://github.com/ultrajson/ultrajson/security/advisories/GHSA-fm67-cv37-96ff

Develop

3 years, 5 months ago

53f78db6

connection refactoring

ujson 5.1.0 has known security vulnerabilities.

Package	Installed	Affected	Info
ujson	5.1.0	<=5.1.0	show UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation.
ujson	5.1.0	<5.4.0	show Ujson 5.4.0 includes a fix for CVE-2022-31116: Incorrect handling of invalid surrogate pair characters. https://github.com/ultrajson/ultrajson/security/advisories/GHSA-wpqr-jcpx-745r
ujson	5.1.0	<5.4.0	show Ujson 5.4.0 includes a fix for CVE-2022-31117: In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python. https://github.com/ultrajson/ultrajson/security/advisories/GHSA-fm67-cv37-96ff

Package

Installed

Affected

Info

ujson

5.1.0

<=5.1.0

show

UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation.

ujson

5.1.0

<5.4.0

show

Ujson 5.4.0 includes a fix for CVE-2022-31116: Incorrect handling of invalid surrogate pair characters.
https://github.com/ultrajson/ultrajson/security/advisories/GHSA-wpqr-jcpx-745r

ujson

5.1.0

<5.4.0

show

Ujson 5.4.0 includes a fix for CVE-2022-31117: In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python.
https://github.com/ultrajson/ultrajson/security/advisories/GHSA-fm67-cv37-96ff

pyup-update-sphinx-exec-code-0.5-to-0.6

3 years, 5 months ago

350714c3

Update sphinx-exec-code from 0.5 to 0.6

ujson 5.1.0 has known security vulnerabilities.

Package	Installed	Affected	Info
ujson	5.1.0	<=5.1.0	show UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation.
ujson	5.1.0	<5.4.0	show Ujson 5.4.0 includes a fix for CVE-2022-31116: Incorrect handling of invalid surrogate pair characters. https://github.com/ultrajson/ultrajson/security/advisories/GHSA-wpqr-jcpx-745r
ujson	5.1.0	<5.4.0	show Ujson 5.4.0 includes a fix for CVE-2022-31117: In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python. https://github.com/ultrajson/ultrajson/security/advisories/GHSA-fm67-cv37-96ff

Package

Installed

Affected

Info

ujson

5.1.0

<=5.1.0

show

UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation.

ujson

5.1.0

<5.4.0

show

Ujson 5.4.0 includes a fix for CVE-2022-31116: Incorrect handling of invalid surrogate pair characters.
https://github.com/ultrajson/ultrajson/security/advisories/GHSA-wpqr-jcpx-745r

ujson

5.1.0

<5.4.0

show

Ujson 5.4.0 includes a fix for CVE-2022-31117: In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python.
https://github.com/ultrajson/ultrajson/security/advisories/GHSA-fm67-cv37-96ff

pyup-update-stackprinter-0.2.5-to-0.2.6

3 years, 5 months ago

afeb700e

Update stackprinter from 0.2.5 to 0.2.6

ujson 5.1.0 has known security vulnerabilities.

Package	Installed	Affected	Info
ujson	5.1.0	<=5.1.0	show UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation.
ujson	5.1.0	<5.4.0	show Ujson 5.4.0 includes a fix for CVE-2022-31116: Incorrect handling of invalid surrogate pair characters. https://github.com/ultrajson/ultrajson/security/advisories/GHSA-wpqr-jcpx-745r
ujson	5.1.0	<5.4.0	show Ujson 5.4.0 includes a fix for CVE-2022-31117: In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python. https://github.com/ultrajson/ultrajson/security/advisories/GHSA-fm67-cv37-96ff

Package

Installed

Affected

Info

ujson

5.1.0

<=5.1.0

show

UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation.

ujson

5.1.0

<5.4.0

show

Ujson 5.4.0 includes a fix for CVE-2022-31116: Incorrect handling of invalid surrogate pair characters.
https://github.com/ultrajson/ultrajson/security/advisories/GHSA-wpqr-jcpx-745r

ujson

5.1.0

<5.4.0

show

Ujson 5.4.0 includes a fix for CVE-2022-31117: In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python.
https://github.com/ultrajson/ultrajson/security/advisories/GHSA-fm67-cv37-96ff

Develop

3 years, 5 months ago

89bf33f7

- exposed internal thread pool to config

ujson 5.1.0 has known security vulnerabilities.

Package	Installed	Affected	Info
ujson	5.1.0	<=5.1.0	show UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation.
ujson	5.1.0	<5.4.0	show Ujson 5.4.0 includes a fix for CVE-2022-31116: Incorrect handling of invalid surrogate pair characters. https://github.com/ultrajson/ultrajson/security/advisories/GHSA-wpqr-jcpx-745r
ujson	5.1.0	<5.4.0	show Ujson 5.4.0 includes a fix for CVE-2022-31117: In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python. https://github.com/ultrajson/ultrajson/security/advisories/GHSA-fm67-cv37-96ff

Package

Installed

Affected

Info

ujson

5.1.0

<=5.1.0

show

UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation.

ujson

5.1.0

<5.4.0

show

Ujson 5.4.0 includes a fix for CVE-2022-31116: Incorrect handling of invalid surrogate pair characters.
https://github.com/ultrajson/ultrajson/security/advisories/GHSA-wpqr-jcpx-745r

ujson

5.1.0

<5.4.0

show

Ujson 5.4.0 includes a fix for CVE-2022-31117: In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python.
https://github.com/ultrajson/ultrajson/security/advisories/GHSA-fm67-cv37-96ff

Develop

3 years, 5 months ago

a4d16f6a

include requirements in package

ujson 5.1.0 has known security vulnerabilities.

Package	Installed	Affected	Info
ujson	5.1.0	<=5.1.0	show UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation.
ujson	5.1.0	<5.4.0	show Ujson 5.4.0 includes a fix for CVE-2022-31116: Incorrect handling of invalid surrogate pair characters. https://github.com/ultrajson/ultrajson/security/advisories/GHSA-wpqr-jcpx-745r
ujson	5.1.0	<5.4.0	show Ujson 5.4.0 includes a fix for CVE-2022-31117: In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python. https://github.com/ultrajson/ultrajson/security/advisories/GHSA-fm67-cv37-96ff

Package

Installed

Affected

Info

ujson

5.1.0

<=5.1.0

show

UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation.

ujson

5.1.0

<5.4.0

show

Ujson 5.4.0 includes a fix for CVE-2022-31116: Incorrect handling of invalid surrogate pair characters.
https://github.com/ultrajson/ultrajson/security/advisories/GHSA-wpqr-jcpx-745r

ujson

5.1.0

<5.4.0

show

Ujson 5.4.0 includes a fix for CVE-2022-31117: In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python.
https://github.com/ultrajson/ultrajson/security/advisories/GHSA-fm67-cv37-96ff

Develop

3 years, 5 months ago

5b6bf74c

.

ujson 5.1.0 has known security vulnerabilities.

Package	Installed	Affected	Info
ujson	5.1.0	<=5.1.0	show UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation.
ujson	5.1.0	<5.4.0	show Ujson 5.4.0 includes a fix for CVE-2022-31116: Incorrect handling of invalid surrogate pair characters. https://github.com/ultrajson/ultrajson/security/advisories/GHSA-wpqr-jcpx-745r
ujson	5.1.0	<5.4.0	show Ujson 5.4.0 includes a fix for CVE-2022-31117: In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python. https://github.com/ultrajson/ultrajson/security/advisories/GHSA-fm67-cv37-96ff

Package

Installed

Affected

Info

ujson

5.1.0

<=5.1.0

show

UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation.

ujson

5.1.0

<5.4.0

show

Ujson 5.4.0 includes a fix for CVE-2022-31116: Incorrect handling of invalid surrogate pair characters.
https://github.com/ultrajson/ultrajson/security/advisories/GHSA-wpqr-jcpx-745r

ujson

5.1.0

<5.4.0

show

Ujson 5.4.0 includes a fix for CVE-2022-31117: In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python.
https://github.com/ultrajson/ultrajson/security/advisories/GHSA-fm67-cv37-96ff

Develop

3 years, 5 months ago

96e5764c

.

ujson 5.1.0 has known security vulnerabilities.

Package	Installed	Affected	Info
ujson	5.1.0	<=5.1.0	show UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation.
ujson	5.1.0	<5.4.0	show Ujson 5.4.0 includes a fix for CVE-2022-31116: Incorrect handling of invalid surrogate pair characters. https://github.com/ultrajson/ultrajson/security/advisories/GHSA-wpqr-jcpx-745r
ujson	5.1.0	<5.4.0	show Ujson 5.4.0 includes a fix for CVE-2022-31117: In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python. https://github.com/ultrajson/ultrajson/security/advisories/GHSA-fm67-cv37-96ff

Package

Installed

Affected

Info

ujson

5.1.0

<=5.1.0

show

UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation.

ujson

5.1.0

<5.4.0

show

Ujson 5.4.0 includes a fix for CVE-2022-31116: Incorrect handling of invalid surrogate pair characters.
https://github.com/ultrajson/ultrajson/security/advisories/GHSA-wpqr-jcpx-745r

ujson

5.1.0

<5.4.0

show

Ujson 5.4.0 includes a fix for CVE-2022-31117: In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python.
https://github.com/ultrajson/ultrajson/security/advisories/GHSA-fm67-cv37-96ff

Develop

3 years, 5 months ago

f8e85e16

tox test

ujson 5.1.0 has known security vulnerabilities.

Package	Installed	Affected	Info
ujson	5.1.0	<=5.1.0	show UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation.
ujson	5.1.0	<5.4.0	show Ujson 5.4.0 includes a fix for CVE-2022-31116: Incorrect handling of invalid surrogate pair characters. https://github.com/ultrajson/ultrajson/security/advisories/GHSA-wpqr-jcpx-745r
ujson	5.1.0	<5.4.0	show Ujson 5.4.0 includes a fix for CVE-2022-31117: In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python. https://github.com/ultrajson/ultrajson/security/advisories/GHSA-fm67-cv37-96ff

Package

Installed

Affected

Info

ujson

5.1.0

<=5.1.0

show

UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation.

ujson

5.1.0

<5.4.0

show

Ujson 5.4.0 includes a fix for CVE-2022-31116: Incorrect handling of invalid surrogate pair characters.
https://github.com/ultrajson/ultrajson/security/advisories/GHSA-wpqr-jcpx-745r

ujson

5.1.0

<5.4.0

show

Ujson 5.4.0 includes a fix for CVE-2022-31117: In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python.
https://github.com/ultrajson/ultrajson/security/advisories/GHSA-fm67-cv37-96ff

Develop

3 years, 5 months ago

11668c98

fixed docs

ujson 5.1.0 has known security vulnerabilities.

Package	Installed	Affected	Info
ujson	5.1.0	<=5.1.0	show UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation.
ujson	5.1.0	<5.4.0	show Ujson 5.4.0 includes a fix for CVE-2022-31116: Incorrect handling of invalid surrogate pair characters. https://github.com/ultrajson/ultrajson/security/advisories/GHSA-wpqr-jcpx-745r
ujson	5.1.0	<5.4.0	show Ujson 5.4.0 includes a fix for CVE-2022-31117: In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python. https://github.com/ultrajson/ultrajson/security/advisories/GHSA-fm67-cv37-96ff

Package

Installed

Affected

Info

ujson

5.1.0

<=5.1.0

show

UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation.

ujson

5.1.0

<5.4.0

show

Ujson 5.4.0 includes a fix for CVE-2022-31116: Incorrect handling of invalid surrogate pair characters.
https://github.com/ultrajson/ultrajson/security/advisories/GHSA-wpqr-jcpx-745r

ujson

5.1.0

<5.4.0

show

Ujson 5.4.0 includes a fix for CVE-2022-31117: In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python.
https://github.com/ultrajson/ultrajson/security/advisories/GHSA-fm67-cv37-96ff

Develop

3 years, 5 months ago

bba62fac

.

ujson 5.1.0 has known security vulnerabilities.

Package	Installed	Affected	Info
ujson	5.1.0	<=5.1.0	show UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation.
ujson	5.1.0	<5.4.0	show Ujson 5.4.0 includes a fix for CVE-2022-31116: Incorrect handling of invalid surrogate pair characters. https://github.com/ultrajson/ultrajson/security/advisories/GHSA-wpqr-jcpx-745r
ujson	5.1.0	<5.4.0	show Ujson 5.4.0 includes a fix for CVE-2022-31117: In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python. https://github.com/ultrajson/ultrajson/security/advisories/GHSA-fm67-cv37-96ff

Package

Installed

Affected

Info

ujson

5.1.0

<=5.1.0

show

UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation.

ujson

5.1.0

<5.4.0

show

Ujson 5.4.0 includes a fix for CVE-2022-31116: Incorrect handling of invalid surrogate pair characters.
https://github.com/ultrajson/ultrajson/security/advisories/GHSA-wpqr-jcpx-745r

ujson

5.1.0

<5.4.0

show

Ujson 5.4.0 includes a fix for CVE-2022-31117: In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python.
https://github.com/ultrajson/ultrajson/security/advisories/GHSA-fm67-cv37-96ff

Develop

3 years, 5 months ago

3f228db5

.

ujson 5.1.0 has known security vulnerabilities.

Package	Installed	Affected	Info
ujson	5.1.0	<=5.1.0	show UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation.
ujson	5.1.0	<5.4.0	show Ujson 5.4.0 includes a fix for CVE-2022-31116: Incorrect handling of invalid surrogate pair characters. https://github.com/ultrajson/ultrajson/security/advisories/GHSA-wpqr-jcpx-745r
ujson	5.1.0	<5.4.0	show Ujson 5.4.0 includes a fix for CVE-2022-31117: In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python. https://github.com/ultrajson/ultrajson/security/advisories/GHSA-fm67-cv37-96ff

Package

Installed

Affected

Info

ujson

5.1.0

<=5.1.0

show

UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation.

ujson

5.1.0

<5.4.0

show

Ujson 5.4.0 includes a fix for CVE-2022-31116: Incorrect handling of invalid surrogate pair characters.
https://github.com/ultrajson/ultrajson/security/advisories/GHSA-wpqr-jcpx-745r

ujson

5.1.0

<5.4.0

show

Ujson 5.4.0 includes a fix for CVE-2022-31117: In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python.
https://github.com/ultrajson/ultrajson/security/advisories/GHSA-fm67-cv37-96ff

pyup-update-voluptuous-0.12.2-to-0.13.0

3 years, 5 months ago

8da28e3b

Update voluptuous from 0.12.2 to 0.13.0

ujson 5.1.0 has known security vulnerabilities.

Package	Installed	Affected	Info
ujson	5.1.0	<=5.1.0	show UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation.
ujson	5.1.0	<5.4.0	show Ujson 5.4.0 includes a fix for CVE-2022-31116: Incorrect handling of invalid surrogate pair characters. https://github.com/ultrajson/ultrajson/security/advisories/GHSA-wpqr-jcpx-745r
ujson	5.1.0	<5.4.0	show Ujson 5.4.0 includes a fix for CVE-2022-31117: In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python. https://github.com/ultrajson/ultrajson/security/advisories/GHSA-fm67-cv37-96ff

Package

Installed

Affected

Info

ujson

5.1.0

<=5.1.0

show

UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation.

ujson

5.1.0

<5.4.0

show

Ujson 5.4.0 includes a fix for CVE-2022-31116: Incorrect handling of invalid surrogate pair characters.
https://github.com/ultrajson/ultrajson/security/advisories/GHSA-wpqr-jcpx-745r

ujson

5.1.0

<5.4.0

show

Ujson 5.4.0 includes a fix for CVE-2022-31117: In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python.
https://github.com/ultrajson/ultrajson/security/advisories/GHSA-fm67-cv37-96ff

pyup-update-easyconfig-0.2.1-to-0.2.2

3 years, 5 months ago

55792abc

Update easyconfig from 0.2.1 to 0.2.2

ujson 5.1.0 has known security vulnerabilities.

Package	Installed	Affected	Info
ujson	5.1.0	<=5.1.0	show UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation.
ujson	5.1.0	<5.4.0	show Ujson 5.4.0 includes a fix for CVE-2022-31116: Incorrect handling of invalid surrogate pair characters. https://github.com/ultrajson/ultrajson/security/advisories/GHSA-wpqr-jcpx-745r
ujson	5.1.0	<5.4.0	show Ujson 5.4.0 includes a fix for CVE-2022-31117: In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python. https://github.com/ultrajson/ultrajson/security/advisories/GHSA-fm67-cv37-96ff

Package

Installed

Affected

Info

ujson

5.1.0

<=5.1.0

show

UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation.

ujson

5.1.0

<5.4.0

show

Ujson 5.4.0 includes a fix for CVE-2022-31116: Incorrect handling of invalid surrogate pair characters.
https://github.com/ultrajson/ultrajson/security/advisories/GHSA-wpqr-jcpx-745r

ujson

5.1.0

<5.4.0

show

Ujson 5.4.0 includes a fix for CVE-2022-31117: In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python.
https://github.com/ultrajson/ultrajson/security/advisories/GHSA-fm67-cv37-96ff

Develop

3 years, 5 months ago

96f39fd5

bump

ujson 5.1.0 has known security vulnerabilities.

Package	Installed	Affected	Info
ujson	5.1.0	<=5.1.0	show UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation.
ujson	5.1.0	<5.4.0	show Ujson 5.4.0 includes a fix for CVE-2022-31116: Incorrect handling of invalid surrogate pair characters. https://github.com/ultrajson/ultrajson/security/advisories/GHSA-wpqr-jcpx-745r
ujson	5.1.0	<5.4.0	show Ujson 5.4.0 includes a fix for CVE-2022-31117: In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python. https://github.com/ultrajson/ultrajson/security/advisories/GHSA-fm67-cv37-96ff

Package

Installed

Affected

Info

ujson

5.1.0

<=5.1.0

show

UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation.

ujson

5.1.0

<5.4.0

show

Ujson 5.4.0 includes a fix for CVE-2022-31116: Incorrect handling of invalid surrogate pair characters.
https://github.com/ultrajson/ultrajson/security/advisories/GHSA-wpqr-jcpx-745r

ujson

5.1.0

<5.4.0

show

Ujson 5.4.0 includes a fix for CVE-2022-31117: In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python.
https://github.com/ultrajson/ultrajson/security/advisories/GHSA-fm67-cv37-96ff