json is vulnerable to Out-of-bounds Read
53
Medium Risk
The native C parser in json does not clamp its read cursor to the end of the input buffer while scanning a string that ends with an unterminated escape sequence. When the parser then builds the end-of-input parse error, it reads one byte past the end of the buffer. Passing crafted, truncated JSON to JSON.parse triggers this out-of-bounds read, which can crash the process. The fix clamps the cursor to the buffer end in the string scanner and when computing the error position.
You are affected if you are using a version that falls within the vulnerable range.
json is vulnerable to Out-of-bounds Read in versions 2.10.0 - 2.19.7.
Upgrade the json library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant