| Package | Installed | Affected | Info |
|---|---|---|---|
| ujson | 5.1.0 | <5.4.0 | Ujson 5.4.0 includes a fix for CVE-2022-31117: In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python. https://github.com/ultrajson/ultrajson/security/advisories/GHSA-fm67-cv37-96ff |
| ujson | 5.1.0 | <5.4.0 | Ujson 5.4.0 includes a fix for CVE-2022-31116: Incorrect handling of invalid surrogate pair characters. https://github.com/ultrajson/ultrajson/security/advisories/GHSA-wpqr-jcpx-745r |
| ujson | 5.1.0 | <=5.1.0 | UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation. |
| ujson | 5.1.0 | <5.12.1 | Affected versions of the ujson package are vulnerable to Denial of Service (DoS) due to a missing reference count decrement on an allocated Python string object during a write failure. The objToJSONFile() function in objToJSON.c allocates a serialised string via ujson_dumps_internal(), invokes the file object's write() method, and returns early when that call raises an exception without ever calling Py_DECREF on the resulting string, causing the allocation to never be freed. An attacker who can supply a file-like object whose write() method reliably raises exceptions — for instance, by repeatedly making requests to a web server that calls ujson.dump() and then closing connections mid-response — can drive the process into linear, unbounded memory growth, eventually exhausting available memory. |
| ujson | 5.1.0 | >=5.1.0,<=5.11.0 | Affected versions of the ujson package are vulnerable to Denial of Service (DoS) due to integer overflow and underflow in indentation size calculations. The vulnerability exists in ujson.dump(), ujson.dumps(), and ujson.encode() when processing the indent parameter, because the code computes indentation buffer sizes with integer arithmetic that can overflow for very large positive values or underflow for negative values, leading to a segmentation fault or an infinite loop. |