
24 matches found

OSV
added 2026/06/16 2:32 p.m., 5 views

GHSA-RV63-4MWF-QQC2 hono: Body Limit Middleware can be bypassed on AWS Lambda by understating `Content-Length`

Summary The Body Limit Middleware trusts the request's Content-Length header to decide whether a body is within the limit. On AWS Lambda API Gateway v1/v2, ALB, VPC Lattice, and Lambda@Edge the body is delivered fully buffered and the adapter builds the request with the client-declared...

CVSS 6.5 | AI score 5.4 | EPSS 0.00103
Exploits 0 | References 2
RedhatCVE
added 2026/05/30 2:12 a.m., 9 views

CVE-2026-44247

Volcano is a Kubernetes-native batch scheduling system. Prior to v1.14.2, v1.13.3, and v1.12.4, the Volcano webhook server does not enforce a size limit on incoming HTTP request bodies. Any in-cluster pod that can reach the webhook endpoint may send an arbitrarily large request body, potentially...

CVSS 7.4 | AI score 5.8 | EPSS 0.00173
Exploits 0 | References 1
RedhatCVE
added 2026/04/13 7:23 p.m., 5 views

CVE-2026-40073

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, under certain circumstances, requests could bypass the BODY_SIZE_LIMIT on SvelteKit applications running with adapter-node. This bypass does not affect body size limits at other layers...

CVSS 8.2 | AI score 5.8 | EPSS 0.00543
Exploits 0 | References 1
Snyk
added 2026/04/10 5:24 p.m., 0 views

Allocation of Resources Without Limits or Throttling

Overview: @sveltejs/kit is a SvelteKit framework and CLI. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the request processing. An attacker can send requests that exceed the BODY_SIZE_LIMIT restriction to applications running with adapter-node...

CVSS 8.2 | AI score 5.8 | EPSS 0.00543
Exploits 0 | References 2
NVD
added 2026/04/10 5:17 p.m., 6 views

CVE-2026-40073

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, under certain circumstances, requests could bypass the BODY_SIZE_LIMIT on SvelteKit applications running with adapter-node. This bypass does not affect body size limits at other layers...

CVSS 8.2 | EPSS 0.00543
Exploits 0 | References 3
ATTACKERKB
added 2026/04/10 4:24 p.m., 1 view

CVE-2026-40073

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, under certain circumstances, requests could bypass the BODY_SIZE_LIMIT on SvelteKit applications running with adapter-node. This bypass does not affect body size limits at other layers...

CVSS 8.2 | AI score 5.8 | EPSS 0.00543
Exploits 0 | References 4 | Affected Software 1
Vulnrichment
added 2026/04/10 4:24 p.m., 0 views

CVE-2026-40073 SvelteKit has a BODY_SIZE_LIMIT bypass in @sveltejs/adapter-node

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, under certain circumstances, requests could bypass the BODY_SIZE_LIMIT on SvelteKit applications running with adapter-node. This bypass does not affect body size limits at other layers...

CVSS 8.2 | AI score 5.8 | EPSS 0.00543
Exploits 0 | References 3
Cvelist
added 2026/04/10 4:24 p.m., 23 views

CVE-2026-40073 SvelteKit has a BODY_SIZE_LIMIT bypass in @sveltejs/adapter-node

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, under certain circumstances, requests could bypass the BODY_SIZE_LIMIT on SvelteKit applications running with adapter-node. This bypass does not affect body size limits at other layers...

CVSS 8.2 | EPSS 0.00543
Exploits 0 | References 3
CNNVD
added 2026/04/10 12:00 a.m., 7 views

SvelteKit security vulnerability

SvelteKit is an open-source web development framework developed in Svelte. Versions of SvelteKit prior to 2.57.1 contained security vulnerabilities. These vulnerabilities stemmed from a scenario where requests could bypass the BODY_SIZE_LIMIT, potentially leading to denial-of-service attacks...

CVSS 8.2 | AI score 5.8 | EPSS 0.00543
Exploits 0 | References 3
Positive Technologies
added 2026/04/10 12:00 a.m., 5 views

PT-2026-31989

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, under certain circumstances, requests could bypass the BODY_SIZE_LIMIT on SvelteKit applications running with adapter-node. This bypass does not affect body size limits at other laye...

CVSS 8.2 | AI score 5.8 | EPSS 0.00543
Exploits 0 | References 4
Snyk
added 2026/03/30 6:32 p.m., 2 views

Allocation of Resources Without Limits or Throttling

Overview: @openclaw/feishu is an OpenClaw Feishu/Lark channel plugin, community maintained by @m1heng. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the installRequestBodyLimitGuard function in the Feishu webhook handler, which appli...

CVSS 8.7 | AI score 6 | EPSS 0.00327
Exploits 1 | References 2
Github Security Blog
added 2026/02/25 10:33 p.m., 8 views

Astro has memory exhaustion DoS due to missing request body size limit in Server Actions

Summary: Astro server actions have no default request body size limit, which can lead to memory exhaustion DoS. A single large POST to a valid action endpoint can crash the server process on memory-constrained deployments. Details: On-demand rendered sites built with Astro can define server actions...

CVSS 7.5 | AI score 5.7 | EPSS 0.00415
Exploits 1 | References 6 | Affected Software 1
OSV
added 2026/02/25 10:33 p.m., 7 views

GHSA-JM64-8M5Q-4QH8 Astro has memory exhaustion DoS due to missing request body size limit in Server Actions

Summary: Astro server actions have no default request body size limit, which can lead to memory exhaustion DoS. A single large POST to a valid action endpoint can crash the server process on memory-constrained deployments. Details: On-demand rendered sites built with Astro can define server actions...

CVSS 5.9 | AI score 5.8 | EPSS 0.00415
Exploits 1 | References 6
ATTACKERKB
added 2026/02/24 12:46 a.m., 9 views

CVE-2026-27729

Astro is a web framework. In versions 9.0.0 through 9.5.3, Astro server actions have no default request body size limit, which can lead to memory exhaustion DoS. A single large POST to a valid action endpoint can crash the server process on memory-constrained deployments. On-demand rendered sites...

CVSS 5.9 | AI score 5.7 | EPSS 0.00415
Exploits 1 | References 5 | Affected Software 1
Cvelist
added 2025/10/10 7:22 p.m., 5 views

CVE-2025-61919 Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing

Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, Rack::Request#POST reads the entire request body into memory for Content-Type: application/x-www-form-urlencoded, calling rack.input.read(nil) without enforcing a length or cap. Large request bodies can therefo...

CVSS 7.5 | EPSS 0.00591
Exploits 0 | References 4
OSV
added 2025/10/10 5:33 p.m., 3 views

GHSA-6XW4-3V39-52MM Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing

Summary: Rack::Request#POST reads the entire request body into memory for Content-Type: application/x-www-form-urlencoded, calling rack.input.read(nil) without enforcing a length or cap. Large request bodies can therefore be buffered completely into process memory before parsing, leading to denial of...

CVSS 7.5 | AI score 6.9 | EPSS 0.00591
Exploits 0 | References 7
RedhatCVE
added 2025/09/14 1:33 p.m., 7 views

CVE-2025-59139

Hono is a Web application framework that provides support for any JavaScript runtime. In versions prior to 4.9.7, a flaw in the bodyLimit middleware could allow bypassing the configured request body size limit when conflicting HTTP headers were present. The middleware previously prioritized the...

CVSS 5.3 | AI score 6.6 | EPSS 0.00416
Exploits 0 | References 1
NVD
added 2025/09/12 2:15 p.m., 4 views

CVE-2025-59139

Hono is a Web application framework that provides support for any JavaScript runtime. In versions prior to 4.9.7, a flaw in the bodyLimit middleware could allow bypassing the configured request body size limit when conflicting HTTP headers were present. The middleware previously prioritized the...

CVSS 5.3 | EPSS 0.00416
Exploits 0 | References 2
CNNVD
added 2025/09/12 12:00 a.m., 3 views

Hono security vulnerability

Hono is a web framework written in TypeScript from the Hono community. A security vulnerability exists in Hono versions prior to 4.9.7, which stems from the bodyLimit middleware prioritizing the Content-Length header when handling conflicting HTTP headers, which could lead to a denial of service...

CVSS 5.3 | AI score 6.2 | EPSS 0.00416
Exploits 0 | References 3
Positive Technologies
added 2025/09/12 12:00 a.m., 4 views

PT-2025-37316

Name of the Vulnerable Software and Affected Versions: Hono versions prior to 4.9.7. Description: Hono is a Web application framework that provides support for any JavaScript runtime. A flaw in the bodyLimit middleware could allow bypassing the configured request body size limit when conflicting...

CVSS 5.3 | AI score 6.2 | EPSS 0.00416
Exploits 0 | References 10