UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.13.0, ujson.dumps() (or ujson.dump() or ujson.encode()) have a reject_bytes=False option. When set, they may accept malformed or truncated UTF-8 byte sequences, silently rewriting them into different Unicode characters instead of rejecting them. This leads to input validation bypass and data integrity issues. This vulnerability is fixed in 5.13.0.
0.12.0-2ubuntu10.13.1-2ubuntu10.13.1-2ubuntu220140924-30.15.0-20.15.0-2ubuntu10.15.0-2ubuntu20.17.1-3ubuntu220140924-40.19.2-5.1ubuntu40.22.0-2ubuntu10.22.0-30.22.0-40.22.0-4ubuntu10.23.3+dfsg-4ubuntu10.23.3+dfsg-4ubuntu50.23.3+dfsg-4ubuntu60.25.3+dfsg-40.25.3+dfsg-4build10.25.3+dfsg-720140924-7build120140924-81.1.5+dfsg-21.1.5+dfsg-2ubuntu11.3.5+dfsg-21.3.5+dfsg-2ubuntu11.3.5+dfsg-31.5.3+dfsg-101.5.3+dfsg-61.5.3+dfsg-6ubuntu11.5.3+dfsg-7ubuntu12.1.4+dfsg-4ubuntu22.1.4+dfsg-72.2.3+dfsg-8build12.2.3+dfsg-9Exploitability
AV:NAC:LPR:NUI:NScope
S:UImpact
C:LI:LA:NCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N