4 matches found
CVE-2026-54297
Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. From 1.0.0 until 1.10.6 and 2.14.3, Faraday::NestedParamsEncoder, the default nested query parameter encoder/decoder in Faraday, decodes nested query strings without enforcing a maximum nestin...
CVE-2026-54297
CVE-2026-54297 (Faraday) : Uncontrolled recursion in Faraday::NestedParamsEncoder during decoding of nested query strings can create deeply nested Ruby Hashes, leading to a stack exhaustion DoS. Affected versions are Faraday 1.0.0 through 1.10.6 and 2.14.3. The vulnerability is fixed in 1.10.6 an...
CVE-2026-54297 vulnerabilities
Vulnerabilities for packages: kube-fluentd-operator, kube-logging-operator, cinc-auditor, logstash, ruby3.3-faraday...
CVE-2026-54297
creationtimestamp| type| source ---|---|--- 2026-06-18 13:20:52+00:00| published-proof-of-concept| https://github.com/lostisland/faraday/security/advisories/GHSA-98m9-hrrm-r99r 2026-06-23 13:41:44+00:00| seen| https://gist.github.com/muhamedfazalps/a3449070789a6a2c13d4d4e844af803b...