25 matches found
CVE-2024-34364 Envoy OOM vector from HTTP async client with unbounded response buffer for mirror response
Envoy is a cloud-native, open source edge and service proxy. Envoy exposed an out-of-memory OOM vector from the mirror response, since async HTTP client will buffer the response with an unbounded buffer...
CVE-2022-31162
Slack Morphism is an async client library for Rust. Prior to 0.41.0, it was possible for Slack OAuth client information to leak in application debug logs. Stricter and more secure debug formatting was introduced in v0.41.0 for OAuth secret types to reduce the possibility of printing sensitive...
Information disclosure
Slack Morphism is an async client library for Rust. Prior to 0.41.0, it was possible for Slack OAuth client information to leak in application debug logs. Stricter and more secure debug formatting was introduced in v0.41.0 for OAuth secret types to reduce the possibility of printing sensitive...
CVE-2022-31162
CVE-2022-31162 affects Slack Morphism (Rust) prior to 0.41.0. The root issue was overly verbose debug formatting that could cause Slack OAuth client information to leak into application logs. Exploitation guidance is not provided in the documents; however, various sources confirm an information d...
com.alejandrohdezma:http4s-munit-testcontainers_2.12 (>=0.2.0 <=0.6.3), com.alejandrohdezma:http4s-munit_2.12 (>=0.1.0 <=0.6.3) +3 more potentially affected by unknown CVE via org.http4s:http4s-async-http-client_2.12 (>=0.21.0-M6 <=0.21.25)
org.http4s:http4s-async-http-client2.12 MAVEN version =0.21.0-M6, =0.2.0, =0.1.0, =0.1.3, =0.1.3, =0.1.7 - org.scala-steward:scala-steward-core2.12 =0.5.0 Source cves: unknown CVE Source advisory: OSV:GHSA-8HXH-R6F7-JF45...