Double Free Affecting ujson package, versions [,5.4.0)
Snyk CVSS
- Attack Complexity: High
- Availability: High
Threat Intelligence
- EPSS: 0.2% (58th percentile)
- Snyk ID SNYK-PYTHON-UJSON-2940619
- published 4 Jul 2022
- disclosed 4 Jul 2022
- credit unknown
Introduced: 4 Jul 2022
CVE-2022-31117
How to fix?
Upgrade ujson to version 5.4.0 or higher.
Overview
ujson is an ultra-fast JSON encoder and decoder for Python, implemented as a C extension.
Affected versions of this package are vulnerable to Double Free during string decoding if a realloc of the decoder's buffer fails: the old buffer is released on the allocation-failure path and then released a second time when the decoder cleans up. Reaching that path requires the realloc to fail (memory exhaustion), which is why Attack Complexity is rated High; the practical impact is a crash or heap corruption in the process doing the decoding.
NOTE: According to the maintainer, this issue is "impossible to trigger from Python".
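The bug class behind this advisory is easier to see in a small model than in the ujson source. The program below is an added example and is not ujson's code: it is a miniature JSON string decoder whose scratch buffer is grown with realloc, written once with the double-free pattern (free the old buffer when realloc fails, then free it again in cleanup) and once fixed. A tracking allocator stands in for malloc/realloc/free so the realloc failure can be forced and the second free is counted instead of executed. All names (Decoder, grow_vulnerable, grow_fixed, decode_string, double_free_count) and the sample inputs are constructed for this example.

```c
/* Added example, not ujson's code: models the "free on realloc failure, free
 * again in cleanup" double free and its fix, under a tracking allocator. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_TRACKED 64
#define INITIAL_CAP 4

/* Tracking allocator (constructed for the example): remembers which blocks are
 * live so a second free of the same block is counted, not passed to free(). */
static void *tracked_ptr[MAX_TRACKED];
static int   tracked_live[MAX_TRACKED];
static int   n_tracked;
static int   double_frees;    /* frees of an already-freed block */
static int   realloc_budget;  /* reallocs allowed before one fails; -1 = never fail */

static int find_block(void *p) {
    for (int i = 0; i < n_tracked; i++)
        if (tracked_ptr[i] == p) return i;
    return -1;
}

static void mark_live(void *p) {
    int i = find_block(p);
    if (i < 0 && n_tracked < MAX_TRACKED) { i = n_tracked++; tracked_ptr[i] = p; }
    if (i >= 0) tracked_live[i] = 1;
}

static void *t_malloc(size_t n) { void *p = malloc(n); if (p) mark_live(p); return p; }

static void *t_realloc(void *p, size_t n) {
    if (realloc_budget == 0) { realloc_budget = -1; return NULL; } /* simulated OOM */
    if (realloc_budget > 0) realloc_budget--;
    void *q = realloc(p, n);
    if (!q) return NULL;
    if (q != p) { int i = find_block(p); if (i >= 0) tracked_live[i] = 0; } /* moved: old block gone */
    mark_live(q);
    return q;
}

static void t_free(void *p) {
    if (!p) return;
    int i = find_block(p);
    if (i >= 0 && !tracked_live[i]) { double_frees++; return; } /* would corrupt the heap */
    if (i >= 0) tracked_live[i] = 0;
    free(p);
}

typedef struct { char *esc; size_t cap; size_t len; } Decoder; /* esc: buffer owned by decoder */

/* Vulnerable: frees the old buffer on failure but leaves ds->esc dangling,
 * so decoder_cleanup() frees the same block a second time. */
static int grow_vulnerable(Decoder *ds, size_t need) {
    char *p = (char *)t_realloc(ds->esc, need);
    if (!p) { t_free(ds->esc); return -1; }   /* BUG */
    ds->esc = p; ds->cap = need; return 0;
}

/* Fixed: on failure the old buffer is still valid and still owned by the
 * decoder; cleanup frees it exactly once. (Freeing here and setting
 * ds->esc = NULL would be an equally correct alternative.) */
static int grow_fixed(Decoder *ds, size_t need) {
    char *p = (char *)t_realloc(ds->esc, need);
    if (!p) return -1;
    ds->esc = p; ds->cap = need; return 0;
}

static void decoder_cleanup(Decoder *ds) { t_free(ds->esc); ds->esc = NULL; ds->cap = ds->len = 0; }

static int push_char(Decoder *ds, char c, int (*grow)(Decoder *, size_t)) {
    if (ds->len + 1 >= ds->cap && grow(ds, ds->cap * 2) != 0) return -1; /* keep room for NUL */
    ds->esc[ds->len++] = c;
    return 0;
}

/* Decodes the JSON string literal at `in` (must start with '"') into `out`.
 * Returns decoded length, -1 on allocation failure, -2 on malformed input.
 * fail_after: index of the realloc call that is forced to fail (-1 = never). */
int decode_string(const char *in, int use_fix, int fail_after, char *out, size_t outcap) {
    int (*grow)(Decoder *, size_t) = use_fix ? grow_fixed : grow_vulnerable;
    Decoder ds;
    int rc = -2;

    n_tracked = 0; double_frees = 0; realloc_budget = fail_after;
    ds.esc = (char *)t_malloc(INITIAL_CAP); ds.cap = INITIAL_CAP; ds.len = 0;
    if (!ds.esc) return -1;
    if (*in++ != '"') { decoder_cleanup(&ds); return -2; }

    for (; *in && *in != '"'; in++) {
        char c = *in;
        if (c == '\\') {
            switch (*++in) {
            case 'n': c = '\n'; break; case 't': c = '\t'; break; case 'r': c = '\r'; break;
            case 'b': c = '\b'; break; case 'f': c = '\f'; break;
            case '"': case '\\': case '/': c = *in; break;
            default: rc = -2; goto done;   /* \uXXXX and unknown escapes: out of scope here */
            }
        }
        if (push_char(&ds, c, grow) != 0) { rc = -1; goto done; }
    }
    if (*in != '"' || ds.len + 1 > outcap) { rc = -2; goto done; } /* unterminated or too long */
    ds.esc[ds.len] = '\0';
    memcpy(out, ds.esc, ds.len + 1);
    rc = (int)ds.len;
done:
    decoder_cleanup(&ds);   /* the second free happens here on the vulnerable path */
    return rc;
}

int double_free_count(void) { return double_frees; }

int main(void) {
    char out[64];
    decode_string("\"0123456789\"", 0, 0, out, sizeof out); /* first realloc fails */
    printf("vulnerable grow: %d double free(s)\n", double_free_count());
    decode_string("\"0123456789\"", 1, 0, out, sizeof out);
    printf("fixed grow:      %d double free(s)\n", double_free_count());
    return 0;
}
```

Forcing the failure is the important part: the defect never shows up under normal memory pressure, which is exactly why a reviewer should walk every allocation-failure branch and ask who owns the buffer afterwards. Build with sanitizers (for example `-fsanitize=address`) when testing real decoders, since a tracking allocator like this one only covers the code it wraps.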