Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Ubuntu 22.04 LTS USN-6758-1: JSON5 Denial of Service Threat

ubuntu
Calendar Grey April 30, 2024
Dist Ubuntu Esm H88
Ubuntu Security Notice USN-6759-2 covers a critical JSON5 library vulnerability affecting multiple Ubuntu versions. Users should apply the recommended patches to protect their systems
JSON5 could allow unintended access to network services or have other unspecified impact.

Summary

JSON5 could allow unintended access to network services or have other

unspecified impact.

Software Description:

- node-json5: JSON for the ES5 era

Details:

It was discovered that the JSON5 parse method incorrectly handled the parsing

of keys named __proto__. An attacker could possibly use this issue to pollute

the prototype of the returned object, setting arbitrary or unexpected keys, and

cause a denial of service, allow unintended access to network services or have

other unspecified impact, depending on the application's use of the module.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
   node-json5                      2.2.0+dfsg-1ubuntu0.1~esm1
                                   Available with Ubuntu Pro

Ubuntu 20.04 LTS
   node-json5                      0.5.1-3ubuntu0.1

Ubuntu 18.04 LTS
   node-json5                      0.5.1-1ubuntu0.1~esm1
                                   Available with Ubuntu Pro

After a standard system update you may need to restart any services that use
the library to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6758-1

CVE-2022-46175

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6758-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here