4 matches found

OSV
added 2026/04/14 12:15 a.m. | 4 views

GHSA-HPWF-8G29-85QM Nest Affected by DoS via Recursive handleData in JsonSocket (TCP Transport)

Impact: Attacker sends many small, valid JSON messages in one TCP frame → handleData recurses once per message; buffer shrinks each call → maxBufferSize is never reached; call stack overflows instead → A 47 KB payload is sufficient to trigger RangeError. Patches: Fixed in @nestjs/[email protected]....

CVSS 7.5 | AI score 6 | EPSS 0.00061
Exploits: 0 | References: 3

Github Security Blog
added 2026/04/14 12:15 a.m. | 4 views

Nest Affected by DoS via Recursive handleData in JsonSocket (TCP Transport)

Impact: Attacker sends many small, valid JSON messages in one TCP frame → handleData recurses once per message; buffer shrinks each call → maxBufferSize is never reached; call stack overflows instead → A 47 KB payload is sufficient to trigger RangeError. Patches: Fixed in @nestjs/[email protected]....

CVSS 7.5 | AI score 6 | EPSS 0.00061
Exploits: 0 | References: 3 | Affected Software: 1

Snyk
added 2026/04/14 12:15 a.m. | 3 views

Uncontrolled Recursion

Overview: @nestjs/microservices is a Nest - modern, fast, powerful node.js web framework @microservices. Affected versions of this package are vulnerable to Uncontrolled Recursion through the handleData function in packages/microservices/helpers/json-socket.ts. An attacker can crash the TCP...

CVSS 8.7 | AI score 5.7 | EPSS 0.00061
Exploits: 0 | References: 3

OSV
added 2020/05/01 6:26 p.m. | 5 views

OPENSUSE-SU-2020:0586-1 Security update for ruby2.5

This update for ruby2.5 to version 2.5.8 fixes the following issues:
- CVE-2020-10663: Unsafe Object Creation Vulnerability in JSON bsc1167244.
- CVE-2020-10933: Heap exposure vulnerability in the socket library bsc1168938.
This update was imported from the SUSE:SLE-15:Update update project...

CVSS 7.5 | AI score 6.3 | EPSS 0.05892
Exploits: 1 | References: 5