3718 matches found
Tungstenite allows remote attackers to cause a denial of service
The Tungstenite crate through 0.20.0 for Rust allows remote attackers to cause a denial of service minutes of CPU consumption via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted e.g., thousands of times and the average amoun...
RUSTSEC-2023-0065 Tungstenite allows remote attackers to cause a denial of service
The Tungstenite crate through 0.20.0 for Rust allows remote attackers to cause a denial of service minutes of CPU consumption via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted e.g., thousands of times and the average amoun...
Important: ruby
Issue Overview: jQuery before 1.9.0 is vulnerable to Cross-site Scripting XSS attacks. The jQuerystrInput function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '' character anywhere in the...
Medium: tomcat
Issue Overview: While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent...
Important: golang
Issue Overview: The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars a scalar larger than the order of the curve. This does not impact usages of crypto/ecdsa or crypto/ecdh. CVE-2023-24532 HTTP and MIME header...
GHSA-9MCR-873M-XCXP Tungstenite allows remote attackers to cause a denial of service
The Tungstenite crate through 0.20.0 for Rust allows remote attackers to cause a denial of service minutes of CPU consumption via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted e.g., thousands of times and the average amoun...
Tungstenite allows remote attackers to cause a denial of service
The Tungstenite crate through 0.20.0 for Rust allows remote attackers to cause a denial of service minutes of CPU consumption via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted e.g., thousands of times and the average amoun...
CVE-2023-43669
The Tungstenite crate before 0.20.1 for Rust allows remote attackers to cause a denial of service minutes of CPU consumption via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted e.g., thousands of times and the average amount...
CVE-2023-43669
The Tungstenite crate before 0.20.1 for Rust allows remote attackers to cause a denial of service minutes of CPU consumption via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted e.g., thousands of times and the average amount...
Design/Logic Flaw
The Tungstenite crate before 0.20.1 for Rust allows remote attackers to cause a denial of service minutes of CPU consumption via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted e.g., thousands of times and the average amount...
CVE-2023-43669
The Tungstenite crate before 0.20.1 for Rust allows remote attackers to cause a denial of service minutes of CPU consumption via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted e.g., thousands of times and the average amount...
Apache Flink Code Injection Vulnerability
Apache Flink is an open source distributed streaming data processing engine of the Apache Foundation . The product is mainly written in Java and Scala languages . Func is Knative open source a client library and CLI , support for the development and deployment of features . Apache Flink Stateful...
CVE-2023-43669
The CVE-2023-43669 issue affects the Tungstenite crate for Rust up to version 0.20.0, where an excessively long HTTP header in a client handshake can cause high CPU usage and denial of service. Affected projects using tungstenite (and dependent crates like tokio-tungstenite) are exposed to potent...
CVE-2023-43669
The Tungstenite crate before 0.20.1 for Rust allows remote attackers to cause a denial of service minutes of CPU consumption via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted e.g., thousands of times and the average amount...
CVE-2023-43669
The Tungstenite crate before 0.20.1 for Rust allows remote attackers to cause a denial of service minutes of CPU consumption via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted e.g., thousands of times and the average amount...
SUSE-SU-2023:3692-1 Security update for curl
This update for curl fixes the following issues: - CVE-2023-38039: Fixed possible DoS when receiving too large HTTP header. bsc1215026...
CVE-2023-41834 Apache Flink Stateful Functions allowed HTTP header injection due to Improper Neutralization of CRLF Sequences
Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1.0, 3.1.1 and 3.2.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted HTTP requests. Attackers could potentially inject malicious content...
CVE-2023-41834 Apache Flink Stateful Functions allowed HTTP header injection due to Improper Neutralization of CRLF Sequences
Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1.0, 3.1.1 and 3.2.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted HTTP requests. Attackers could potentially inject malicious content...
Eclipse Jetty HTTP Header Vulnerability (GHSA-hmr7-m48g-48f6) - Windows
Eclipse Jetty is prone to an HTTP header vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty";...
Eclipse Jetty HTTP Header Vulnerability (GHSA-hmr7-m48g-48f6) - Linux
Eclipse Jetty is prone to an HTTP header vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty";...