Advisories for Pypi/Python-Cjson package

2022

Improper Restriction of Operations within the Bounds of a Memory Buffer

Buffer overflow in Dan Pascu python-cjson 1.0.5, when UCS-4 encoding is enabled, allows context-dependent attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors involving crafted Unicode input to the cjson.encode function.

2021

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Dan Pascu python-cjson does not properly handle a ['/'] argument to cjson.encode, which makes it easier for remote attackers to conduct certain cross-site scripting (XSS) attacks involving Firefox and the end tag of a SCRIPT element.