Ubuntu 22.04 LTS USN-6758-1: JSON5 Denial of Service Threat
Apr 30, 2024
•
LinuxSecurity Advisories
1 - 2 min read
JSON5 could allow unintended access to network services or have other unspecified impact.
==========================================================================
Ubuntu Security Notice USN-6758-1
April 30, 2024
node-json5 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
JSON5 could allow unintended access to network services or have other
unspecified impact.
Software Description:
- node-json5: JSON for the ES5 era
Details:
It was discovered that the JSON5 parse method incorrectly handled the parsing
of keys named __proto__. An attacker could possibly use this issue to pollute
the prototype of the returned object, setting arbitrary or unexpected keys, and
cause a denial of service, allow unintended access to network services or have
other unspecified impact, depending on the application's use of the module.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
node-json5 2.2.0+dfsg-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 20.04 LTS
node-json5 0.5.1-3ubuntu0.1
Ubuntu 18.04 LTS
node-json5 0.5.1-1ubuntu0.1~esm1
Available with Ubuntu Pro
After a standard system update you may need to restart any services that use
the library to make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6758-1
CVE-2022-46175
Package Information:
https://launchpad.net/ubuntu/+source/node-json5/0.5.1-3ubuntu0.1
PREVIOUS
NEXT
Ubuntu 22.04 LTS USN-6758-1: JSON5 Denial of Service Threat
ubuntu
April 30, 2024
JSON5 could allow unintended access to network services or have other unspecified impact.
Summary
A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: JSON5 could allow unintended access to network services or have other unspecified impact. Software Description: - node-json5: JSON for the ES5 era Details: It was discovered that the JSON5 parse method incorrectly handled the parsing of keys named __proto__. An attacker could possibly use this issue to pollute the prototype of the returned object, setting arbitrary or unexpected keys, and cause a denial of service, allow unintended access to network services or have other unspecified impact, depending on the application's use of the module.
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS node-json5 2.2.0+dfsg-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 20.04 LTS node-json5 0.5.1-3ubuntu0.1 Ubuntu 18.04 LTS node-json5 0.5.1-1ubuntu0.1~esm1 Available with Ubuntu Pro After a standard system update you may need to restart any services that use the library to make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-6758-1
CVE-2022-46175
Severity
important
Lowest
Low
Medium
High
Critical
Ubuntu Security Notice USN-6758-1
Package Information
https://launchpad.net/ubuntu/+source/node-json5/0.5.1-3ubuntu0.1
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!