
434 matches found

Snyk
added 2024/09/06 7:15 p.m. · 4 views

Uncontrolled Recursion

Overview: std/go/build/constraint is a Go standard library package. Affected versions of this package are vulnerable to Uncontrolled Recursion. Go Vulnerability Report: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stac...

8.7 CVSS · 6.6 AI score · 0.01046 EPSS
Exploits 0 · References 3

Snyk
added 2024/09/06 7:15 p.m. · 2 views

Uncontrolled Recursion

Overview: std/encoding/gob is a Go standard library package. Affected versions of this package are vulnerable to Uncontrolled Recursion. Go Vulnerability Report: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion...

8.7 CVSS · 6.6 AI score · 0.01403 EPSS
Exploits 0 · References 3

SUSE CVE
added 2024/09/06 3:8 a.m. · 3 views

SUSE CVE-2024-34158

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion...

5.9 CVSS · 7.4 AI score · 0.01046 EPSS
Exploits 0 · References 20

CNNVD
added 2024/09/06 12:0 a.m. · 3 views

Google Golang Security Vulnerability

Google Golang is a static strongly typed, compiled language from Google. Go's syntax is close to that of C, but differs with respect to variable declarations. Go supports garbage collection. Go's parallel model is based on Tony Hall's Communicating Sequential Processes (CSP), and other languages that...

4.3 CVSS · 7.2 AI score · 0.00839 EPSS
Exploits 0 · References 7

Positive Technologies
added 2024/08/29 12:0 a.m. · 8 views

PT-2024-6107 · Go +10

Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.23.1 and 1.22.1. Description: The issue is related to the Parse function in the Go programming language, which can cause a panic due to stack exhaustion when dealing with deeply nested literals in Go source code. This ca...

9.8 CVSS · 6.4 AI score · 0.91969 EPSS
Exploits 4 · References 319

SUSE CVE
added 2024/08/23 2:27 a.m. · 5 views

SUSE CVE-2024-43398

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree parser API like REXML::Document.new, you may be impacted to this vulnerability...

7.5 CVSS · 6.8 AI score · 0.01205 EPSS
Exploits 0 · References 10

OSV
added 2024/08/22 3:15 p.m. · 6 views

AZL-48156 CVE-2024-43398 affecting package rubygem-rexml for versions less than 3.3.9-1

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree parser API like REXML::Document.new, you may be impacted to this vulnerability...

5.9 CVSS · 6.5 AI score · 0.01205 EPSS
Exploits 0 · References 1

OSV
added 2024/08/22 3:15 p.m. · 2 views

DEBIAN-CVE-2024-43398

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree parser API like REXML::Document.new, you may be impacted to this vulnerability...

5.9 CVSS · 6.2 AI score · 0.01205 EPSS
Exploits 0 · References 1

OSV
added 2024/08/22 3:15 p.m. · 8 views

AZL-48150 CVE-2024-43398 affecting package ruby for versions less than 3.1.7-1

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree parser API like REXML::Document.new, you may be impacted to this vulnerability...

5.9 CVSS · 6.5 AI score · 0.01205 EPSS
Exploits 0 · References 1

OSV
added 2024/07/17 3:30 p.m. · 4 views

GHSA-2RWM-XV5J-777P Eclipse Parsson stack overflow when parsing deeply nested input

In Eclipse Parsson before 1.0.4 and 1.1.3, a document with a large depth of nested objects can allow an attacker to cause a Java stack overflow exception and denial of service. Eclipse Parsson allows processing e.g. parse, generate, transform and query JSON documents...

9.2 CVSS · 7.1 AI score · 0.00588 EPSS
Exploits 1 · References 6

OSV
added 2024/03/27 6:32 p.m. · 2 views

GHSA-W5GG-2Q56-6H4F Elasticsearch Uncontrolled Resource Consumption vulnerability

A flaw was discovered in Elasticsearch, where processing a document in a deeply nested pipeline on an ingest node could cause the Elasticsearch node to crash...

4.9 CVSS · 6.8 AI score · 0.00943 EPSS
Exploits 0 · References 5

OSV
added 2024/03/27 5:15 p.m. · 11 views

CVE-2024-23450

A flaw was discovered in Elasticsearch, where processing a document in a deeply nested pipeline on an ingest node could cause the Elasticsearch node to crash...

7.5 CVSS · 6.9 AI score
Exploits 0 · References 3

OSV
added 2024/03/27 5:15 p.m. · 1 view

UBUNTU-CVE-2024-23450

A flaw was discovered in Elasticsearch, where processing a document in a deeply nested pipeline on an ingest node could cause the Elasticsearch node to crash...

7.5 CVSS · 6.7 AI score · 0.00943 EPSS
Exploits 0 · References 2

OSV
added 2024/03/06 11:2 a.m. · 26 views

BIT-GOLANG-2022-24921

regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression...

7.5 CVSS · 8.4 AI score · 0.03255 EPSS
Exploits 0 · References 8

OSV
added 2024/03/06 10:59 a.m. · 23 views

BIT-GOLANG-2022-30635 Stack exhaustion when decoding certain messages in encoding/gob

Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures...

7.5 CVSS · 7.7 AI score · 0.01403 EPSS
Exploits 0 · References 6

OSV
added 2024/02/26 6:30 p.m. · 3 views

GHSA-PWR2-4V36-6QPR orjson does not limit recursion for deeply nested JSON documents

orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents...

7.5 CVSS · 7.1 AI score · 0.01187 EPSS
Exploits 1 · References 7

PyPA
added 2024/02/26 4:28 p.m. · 7 views

PYSEC-2024-40

orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents...

7.5 CVSS · 7 AI score · 0.01187 EPSS
Exploits 1 · References 5 · Affected Software 1

OSV
added 2024/02/26 4:28 p.m. · 3 views

DEBIAN-CVE-2024-27454

orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents...

7.5 CVSS · 7.3 AI score · 0.01187 EPSS
Exploits 1 · References 1

OSV
added 2024/02/26 4:28 p.m. · 6 views

PYSEC-2024-40

orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents...

7.5 CVSS · 5.9 AI score · 0.01187 EPSS
Exploits 1 · References 5

CNNVD
added 2024/02/26 12:0 a.m. · 4 views

orjson Security Vulnerabilities

orjson is a fast and correct Python JSON library for ijl individual developers. A security vulnerability exists in versions of orjson prior to 3.9.15, which stems from recursion in unrestricted deeply nested JSON documents...

7.5 CVSS · 6.8 AI score · 0.01187 EPSS
Exploits 1 · References 5