12 matches found
EUVD-2025-200372
Sending an HTTP request/response body with greater than 2^31 bytes triggers an infinite loop in proxygen::coro::HTTPQuicCoroSession which blocks the backing event loop and unconditionally appends data to a std::vector per-loop iteration. This issue leads to unbounded memory growth and eventually...
EUVD-2022-39948
Malicious code in bioql PyPI...
AZL-32107 CVE-2023-46118 affecting package rabbitmq-server for versions less than 3.11.24-1
RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable for denial of service DoS attacks with very large messages. An authenticated user with sufficient credentials can publish a very large messages over the HTTP API...
CVE-2022-37312
OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large request body containing a redirect URL to the deferrer servlet...
CVE-2022-37312
OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large request body containing a redirect URL to the deferrer servlet...
CVE-2022-37312
OX App Suite up to version 7.10.6 is affected by an Uncontrolled Resource Consumption vulnerability triggered by a large request body containing a redirect URL to the deferrer servlet. Reported impact: memory/resource exhaustion with availability impact. Public remediation guidance varies: PT Sec...
CVE-2022-37312
OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large request body containing a redirect URL to the deferrer servlet...
CVE-2022-3212
::fromrequest would not, by default, set a limit for the size of the request body. That meant if a malicious peer would send a very large or infinite body your server might run out of memory and crash. This also applies to these extractors which used Bytes::fromrequest internally:...
KubeEdge 资源管理错误漏洞
KubeEdge is KubeEdge open source a Kubernetes native edge computing framework. Built on Kubernetes and extends native containerized application orchestration and device management to edge hosts. A resource management error vulnerability exists in KubeEdge versions prior to 1.11.1, 1.10.2, and...
NanoHTTPD 安全漏洞
NanoHTTPD is a lightweight HTTP server designed to be embedded in other applications, released under a modified BSD license. An information disclosure vulnerability exists in all versions of the NanoHTTPD package. The vulnerability stems from the fact that when an HTTP request body is parsed in a...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure. Whenever an HTTP Session is parsing the body of an HTTP request, the body of the request is written to a RandomAccessFile when the it is larger than 1024 bytes. This file is created with insecure permissions that...
tomcat: non-persistent DoS attack by feeding data by aborting an upload
It was found that Tomcat would keep connections open after processing requests with a large enough request body. A remote attacker could potentially use this flaw to exhaust the pool of available connections and preventing further, legitimate connections to the Tomcat server to be made...