Lucene search
K

25 matches found

RedhatCVE
RedhatCVE
added 2026/06/29 4:59 a.m.10 views

CVE-2026-48712

A flaw was found in protobufjs. A remote attacker could exploit this by sending a crafted protobuf binary payload containing deeply nested 'Any' values. This uncontrolled recursion could exhaust the JavaScript call stack during conversion to JSON, leading to a Denial of Service DoS. Mitigation No...

7.5CVSS5.8AI score0.00324EPSS
Exploits0References4
OSV
OSV
added 2026/06/25 7:51 p.m.3 views

GHSA-CJ9G-3MJ2-G8VV MessagePack-CSharp: JSON conversion APIs can recurse without consistent depth enforcement

Summary MessagePack-CSharp's JSON conversion helpers contain multiple recursion paths that do not consistently enforce a depth limit. These paths are in the JSON conversion component rather than normal typed MessagePack deserialization. Three related issues are covered by this advisory: 1...

6.3CVSS5.9AI score0.00231EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 7:51 p.m.7 views

EUVD-2026-38384

MessagePack-CSharp: JSON conversion APIs can recurse without consistent depth enforcement...

7.5CVSS5.8AI score0.00231EPSS
Exploits0References2
NVD
NVD
added 2026/06/22 10:16 p.m.6 views

CVE-2026-48512

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, MessagePack-CSharp's JSON conversion helpers contain multiple recursion paths that do not consistently enforce a depth limit. These paths are in the JSON conversion component rather than normal typed MessagePack...

7.5CVSS0.00231EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 9:14 p.m.5 views

CVE-2026-48512

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, MessagePack-CSharp's JSON conversion helpers contain multiple recursion paths that do not consistently enforce a depth limit. These paths are in the JSON conversion component rather than normal typed MessagePack...

7.5CVSS5.8AI score0.00231EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/22 9:14 p.m.5 views

CVE-2026-48512 MessagePack-CSharp: JSON conversion APIs can recurse without consistent depth enforcement

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, MessagePack-CSharp's JSON conversion helpers contain multiple recursion paths that do not consistently enforce a depth limit. These paths are in the JSON conversion component rather than normal typed MessagePack...

6.3CVSS5.8AI score0.00231EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 9:14 p.m.17 views

CVE-2026-48512

CVE-2026-48512 affects MessagePack-CSharp. The JSON conversion helpers in MessagePack-CSharp allowed recursive processing without a consistent depth limit, enabling attacker-controlled input to exhaust the process stack and trigger a StackOverflowException. This occurs in the JSON conversion path...

7.5CVSS5.8AI score0.00231EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/22 6:16 p.m.7 views

CVE-2026-48712

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.6.1 and 8.4.1, protobufjs could recurse without a depth limit while converting decoded messages to plain objects or JSON. This affected generated toObject conversion and the custom google.protobuf.Any JSON conversio...

7.5CVSS0.00324EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 4:21 p.m.31 views

CVE-2026-48712 protobufjs: Denial of service through unbounded Any expansion during JSON conversion

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.6.1 and 8.4.1, protobufjs could recurse without a depth limit while converting decoded messages to plain objects or JSON. This affected generated toObject conversion and the custom google.protobuf.Any JSON conversio...

7.5CVSS0.00324EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 4:21 p.m.4 views

CVE-2026-48712

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.6.1 and 8.4.1, protobufjs could recurse without a depth limit while converting decoded messages to plain objects or JSON. This affected generated toObject conversion and the custom google.protobuf.Any JSON conversio...

7.5CVSS5.8AI score0.00324EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/22 4:21 p.m.27 views

CVE-2026-48712

The CVE-2026-48712 vulnerability affects protobufjs (JavaScript) in the toObject() conversion path and the google.protobuf.Any JSON conversion path. Prior to versions 7.6.1 and 8.4.1, protobufjs could recurse without a depth limit when converting decoded messages to plain objects/JSON, allowing a...

7.5CVSS5.8AI score0.00324EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.11 views

PT-2026-51396

Name of the Vulnerable Software and Affected Versions MessagePack for C versions prior to 2.5.301 MessagePack for C versions prior to 3.1.7 Description JSON conversion helpers contain multiple recursion paths that do not consistently enforce a depth limit. Specifically, the...

7.5CVSS5.9AI score0.00231EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/06/15 5:30 p.m.12 views

protobufjs: Denial of service through unbounded Any expansion during JSON conversion

Summary protobufjs could recurse without a depth limit while converting decoded messages to plain objects or JSON. This affected generated toObject conversion and the custom google.protobuf.Any JSON conversion path. A crafted protobuf binary payload containing deeply nested Any values could cause...

7.5CVSS5.2AI score0.00324EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/15 5:30 p.m.7 views

GHSA-WCPC-WJ8M-HJX6 protobufjs: Denial of service through unbounded Any expansion during JSON conversion

Summary protobufjs could recurse without a depth limit while converting decoded messages to plain objects or JSON. This affected generated toObject conversion and the custom google.protobuf.Any JSON conversion path. A crafted protobuf binary payload containing deeply nested Any values could cause...

7.5CVSS5.2AI score0.00324EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/06/15 5:30 p.m.5 views

NPM: protobufjs: Denial of service through unbounded Any expansion during JSON conversion

NPM: protobufjs: Denial of service through unbounded Any expansion during JSON conversion vulnerability discovered by ? in WordPress Npm protobufjs versions = 7.6.0...

7.5CVSS5.8AI score0.00324EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/06/15 5:30 p.m.10 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion during the JSON conversion. An attacker can exhaust the call stack and cause the application to crash by supplying crafted protobuf binary data containing deeply nested Any values that are expanded during...

8.7CVSS5.9AI score0.00324EPSS
Exploits0References2
Fedora
Fedora
added 2025/09/17 12:57 a.m.8 views

[SECURITY] Fedora 42 Update: perl-JSON-XS-4.04-1.fc42

This module converts Perl data structures to JSON and vice versa. Its primary goal is to be correct and its secondary goal is to be fast. To reach the latter goal it was written in C...

7.5CVSS6.9AI score0.00603EPSS
Exploits0
Fedora
Fedora
added 2025/09/17 12:16 a.m.10 views

[SECURITY] Fedora 43 Update: perl-JSON-XS-4.04-1.fc43

This module converts Perl data structures to JSON and vice versa. Its primary goal is to be correct and its secondary goal is to be fast. To reach the latter goal it was written in C...

7.5CVSS6.9AI score0.00603EPSS
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2023/07/13 12:0 a.m.33 views

New in Spring 6.1: RestClient

Spring Framework 6.1 M2 introduces the RestClient, a new synchronous HTTP client. As the name suggests, RestClient offers the fluent API of WebClient with the infrastructure of RestTemplate. Fourteen years ago, when RestTemplate was introduced in Spring Framework 3.0, we quickly discovered that...

7AI score
Exploits0
CNNVD
CNNVD
added 2023/06/14 12:0 a.m.6 views

Jettison 缓冲区错误漏洞

Jettison is jettison-json open source Jettison is a Java library . Jettison is a Java library that is used to convert XML to JSON with the help of StAX. Jettison 3.3 and earlier versions of a security vulnerability , the vulnerability stems from allowing an attacker to cause a denial of service...

7.5CVSS7.3AI score0.01175EPSS
Exploits1References4
Rows per page
Query Builder