CVE-2025-29786

CVE-2025-29786 concerns the Expr expression parser (Go). Prior to 1.17.0, unbounded input can cause the parser to build an excessively large AST, leading to high memory usage or an OOM crash. The issue is mitigated by a patch in 1.17.0 that enforces node budget and memory limits during parsing. R...

PT-2025-5646 · Asteval · Asteval

Name of the Vulnerable Software and Affected Versions: asteval affected versions not specified Description: The issue arises from how asteval performs attribute access verification, specifically in the on attribute node handler. This handler prevents access to attributes that are either present i...

GHSA-9R9M-FFP6-9X4V vue-i18n has cross-site scripting vulnerability with prototype pollution

Vulnerability type XSS Description vue-i18n can be passed locale messages to createI18n or useI18n. we can then translate them using t and $t. vue-i18n has its own syntax for local messages, and uses a message compiler to generate AST. In order to maximize the performance of the translation...

[SECURITY] Fedora 39 Update: rust-nu-protocol-0.96.1-3.fc39

Nushell's internal protocols, including its abstract syntax tree...

PT-2023-21863 · Comrak · Comrak

Name of the Vulnerable Software and Affected Versions: comrak versions prior to 0.17.0 Description: The issue arises when a Comrak AST is constructed manually and then converted to HTML, as the HTML formatting code assumes the AST is well-formed. This assumption can be violated if the AST contain...

SUSE CVE-2022-28946

An issue in the component ast/parser.go of Open Policy Agent v0.39.0 causes the application to incorrectly interpret every expression, causing a Denial of Service DoS via triggering out-of-range memory access...

AZL-44541 CVE-2022-37598 affecting package js-jquery 3.5.0-4

Prototype pollution vulnerability in function DEFNODE in ast.js in mishoo UglifyJS 3.13.2 via the name variable in ast.js. NOTE: the vendor considers this an invalid report...

Denial Of Service

Open policy agent is vulnerable to Denial of Service. An attacker is able to crash the system via a maliciously crafted inputs via the abstract systax tree parser in ast/compile.go...

Design/Logic Flaw

OPA is an open source, general-purpose policy engine. Under certain conditions, pretty-printing an abstract syntax tree AST that contains synthetic nodes could change the logic of some statements by reordering array literals. Example of policies impacted are those that parse and compare web paths...

Open Policy Agent 安全漏洞

Open Policy Agent is an open source general-purpose policy engine that enables uniform, context-aware policy enforcement across the stack. Open Policy Agent suffers from a security vulnerability that stems from the fact that under certain conditions, pretty-printing an Abstract Syntax Tree AST...

jenkins-script-security-plugin: sandbox protection bypass during script compilation phase by applying AST transforming annotations

Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations...

PT-2020-15317 · Jenkins · Jenkins Script Security Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Script Security Plugin versions 1.69 and earlier Description: The issue allows sandbox protection to be circumvented during the script compilation phase. This can be achieved by applying AST transforming annotations to imports or by...

FIDL: FLARE’s IDA Decompiler Library

IDA Pro and the Hex Rays decompiler are a core part of any toolkit for reverse engineering and vulnerability research. In a previous blog post we discussed how the Hex-Rays API can be used to solve small, well-defined problems commonly seen as part of malware analysis. Having access to a...

LibSass heap buffer overread vulnerability (CNVD-2019-40159)

LibSass is a C/C++ implementation of the Sass compiler. A heap buffer over-read vulnerability exists in Sass::weaveParents in astselweave.cpp in LibSass versions prior to 3.6.3. No details of the vulnerability are provided at this time...

jenkins-plugin-workflow-cps: Sandbox Bypass in Pipeline: Groovy Plugin

A flaw was found in Jenkins Pipeline. In the Declarative plugin, the script sandbox protection could be circumvented during the script compilation phase by applying AST. Both the pipeline validation REST APIs and the actual script/pipeline execution are affected. This allows users with Overall/Re...

Solving Ad-hoc Problems with Hex-Rays API

Introduction IDA Pro is the de facto standard when it comes to binary reverse engineering. Besides being a great disassembler and debugger, it is possible to extend it and include a powerful decompiler by purchasing an additional license from Hex-Rays. The ability to switch between disassembled a...

Solving Ad-hoc Problems with Hex-Rays API

Introduction IDA Pro is the de facto standard when it comes to binary reverse engineering. Besides being a great disassembler and debugger, it is possible to extend it and include a powerful decompiler by purchasing an additional license from Hex-Rays. The ability to switch between disassembled a...

Microsoft Edge Chakra ParseCatch Type Confusion (CVE-2017-11764)

A type confusion vulnerability exists in Microsoft Edge Chakra JavaScript Engine. The vulnerability is due to a lack of validation in the ParseCatch method which results in the generation on a malformed Abstract Syntax Tree AST. A remote attacker could exploit this vulnerability by enticing the...

Internet Bug Bounty: Multiple use after frees in obj2ast_* methods

Multiple UAFs in Python AST API. link to bugtracker...