Moderate severity · NVD Advisory · Published Jul 2, 2010 · Updated Apr 29, 2026
CVE-2009-4924
Description
Dan Pascu python-cjson 1.0.5 does not properly handle a ['/'] argument to cjson.encode, which makes it easier for remote attackers to conduct certain cross-site scripting (XSS) attacks involving Firefox and the end tag of a SCRIPT element.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| python-cjson (PyPI) | < 1.1.0 | 1.1.0 |
Affected products
- cpe:2.3:a:dan_pascu:python-cjson:1.0.5:*:*:*:*:*:*:*
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-95jp-77w6-qj52 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2009-4924 (ghsa, ADVISORY)
- pypi.python.org/pypi/python-cjson (ghsa, WEB)
- t3.dotgnu.info/blog/insecurity/quotes-dont-help.html (nvd, WEB)
- github.com/pypa/advisory-database/tree/main/vulns/python-cjson/PYSEC-2010-26.yaml (ghsa, WEB)
- github.com/pypa/advisory-db/tree/main/vulns/python-cjson/PYSEC-2010-26.yaml (ghsa, WEB)
- pypi.python.org/pypi/python-cjson/ (nvd)