CVE-2014-4616

Improper Validation of Array Index in pypi/simplejson

Identifiers

GHSA-9772-cwx9-r4cj, CVE-2014-4616

Package Slug

pypi/simplejson

Vulnerability

Improper Validation of Array Index

Description

Array index error in the scanstring function in the json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the rawdecode function.

Affected Versions

All versions before 2.6.1

Solution

Upgrade to version 2.6.1 or above.

Last Modified

2022-07-29

source