CVE-2023-36478

A flaw was found in Jetty http2-hpack and http3-qpack. If header values exceed the size limit and Huffman is the trueMetaDataBuilder.checkSize, the multiplication will overflow, and the length will become negative, causing a large buffer allocation on the server, leading to a Denial of Service Do...

org.eclipse.jetty.documentation:jetty-documentation (>=10.0.10 <=10.0.15), org.eclipse.jetty.http3:http3-client (>=10.0.10 <=10.0.15) +6 more potentially affected by CVE-2023-36478 via org.eclipse.jetty.http3:http3-qpack (>=10.0.10 <=10.0.15)

org.eclipse.jetty.http3:http3-qpack MAVEN version =10.0.10, =10.0.10, =10.0.10, =10.0.10, =10.0.10, =10.0.10, =10.0.10, =10.0.10, =5.26.1, =5.27.0 Source cves: CVE-2023-36478 Source advisory: OSV:GHSA-WGH7-54F2-X98R...

CVE-2023-27491 Envoy forwards invalid Http2/Http3 downstream headers

Envoy is an open source edge and service proxy designed for cloud-native applications. Compliant HTTP/1 service should reject malformed request lines. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, There is a possibility that non compliant HTTP/1 service may allow malformed request...

BabyShark - Basic C2 Server

This is a basic C2 generic server written in Python and Flask. This code has based ideia to GTRS, which uses Google Translator as a proxy for sending commands to the infected host. The BabyShark project aims to centralize reverse connections with agents, creating a way to centralize several types...