CSOonline

JSON-based SQL injection attacks trigger need to update web application firewalls

Security researchers have developed a generic technique for SQL injection that bypasses multiple web application firewalls (WAFs). At the core of the issue was WAF vendors failing to add support for ...
GitHub

Command Injection / Remote Code Execution (RCE) via Insecure Deserialization in decode() of json_conversion.py in PyGlove v0.4.5 - (github.com/google/pyglove)

pyglove is a Python library developed by Google that introduces the paradigm of symbolic object programming to dynamically manipulate Python programs. Its main goal is to make advanced tasks—such as ...
GitHub

Critical Severity Risk - JSON Injection

On line 159 of LottieAnimationHelpers.swift, the method from:data:strategy:() writes unvalidated input into JSON. This call could allow an attacker to inject arbitrary elements or attributes into the ...
Security Boulevard

Dana Epp

Learn how to use JSON injection to manipulate API payloads to control the flow of data and business logic within an API. The post Attacking APIs using JSON Injection ...