16 matches found
EUVD-2023-52358
Malicious code in bioql PyPI...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the BigDecimal and BigInteger handling in the MessageSerializer class. An attacker can execute arbitrary code or manipulate application behavior by providing crafted serialized objects. Details...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the BigDecimal and BigInteger handling in the MessageSerializer class. An attacker can execute arbitrary code or manipulate application behavior by providing crafted serialized objects. Details...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the BigDecimal and BigInteger handling in the MessageSerializer class. An attacker can execute arbitrary code or manipulate application behavior by providing crafted serialized objects. Details...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the BigDecimal and BigInteger handling in the MessageSerializer class. An attacker can execute arbitrary code or manipulate application behavior by providing crafted serialized objects. Details...
MAL-2024-5358 Malicious code in message-serializer (PyPI)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in message-serializer (PyPI)
--- -= Per source details. Do not edit below this line.=-...
BIT-DISCOURSE-2023-48297 Discourse vulnerable to unlimited mentioned users in message serializer
Discourse is a platform for community discussion. The message serializer uses the full list of expanded chat mentions @all and @here which can lead to a very long array of users. This issue was patched in versions 3.1.4 and beta 3.2.0.beta5...
Discourse Denial of Service Vulnerability
Discourse is an open source community discussion platform. The platform includes features such as community, email and chat rooms. Discourse suffers from a denial of service vulnerability that stems from the ability to create very long user arrays in the message serializer, which can be exploited...
CVE-2023-48297
Discourse is a platform for community discussion. The message serializer uses the full list of expanded chat mentions @all and @here which can lead to a very long array of users. This issue was patched in versions 3.1.4 and beta 3.2.0.beta5...
Code injection
Discourse is a platform for community discussion. The message serializer uses the full list of expanded chat mentions @all and @here which can lead to a very long array of users. This issue was patched in versions 3.1.4 and beta 3.2.0.beta5...
CVE-2023-48297
Discourse vulnerability CVE-2023-48297 affects the message serializer that expands chat mentions (@all/@here). The implementation can generate a very large array of users, enabling a denial of service as stated in the CVE description. The issue was patched in Discourse versions 3.1.4 and in the b...
CVE-2023-48297 Discourse vulnerable to unlimited mentioned users in message serializer
Discourse is a platform for community discussion. The message serializer uses the full list of expanded chat mentions @all and @here which can lead to a very long array of users. This issue was patched in versions 3.1.4 and beta 3.2.0.beta5...
CVE-2023-48297 Discourse vulnerable to unlimited mentioned users in message serializer
Discourse is a platform for community discussion. The message serializer uses the full list of expanded chat mentions @all and @here which can lead to a very long array of users. This issue was patched in versions 3.1.4 and beta 3.2.0.beta5...
CVE-2023-48297 Discourse vulnerable to unlimited mentioned users in message serializer
Discourse is a platform for community discussion. The message serializer uses the full list of expanded chat mentions @all and @here which can lead to a very long array of users. This issue was patched in versions 3.1.4 and beta 3.2.0.beta5...
Discourse Security Vulnerability
Discourse is an open source community discussion platform. The platform includes features such as community, email and chat rooms. Discourse suffers from a denial of service vulnerability that stems from the ability to create very long user arrays in the message serializer, which can be exploited...