PYSEC-2010-26

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/python-cjson/PYSEC-2010-26.yaml
JSON Data
https://api.test.osv.dev/v1/vulns/PYSEC-2010-26
Aliases
Published
2010-07-02T19:30:00Z
Modified
2023-11-01T04:44:12.265269Z
Summary
[none]
Details

Dan Pascu python-cjson 1.0.5 does not properly handle a ['/'] argument to cjson.encode, which makes it easier for remote attackers to conduct certain cross-site scripting (XSS) attacks involving Firefox and the end tag of a SCRIPT element.

References

Affected packages

PyPI / python-cjson

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1.0

Affected versions

1.*

1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5