6 matches found
Scriban: Uncontrolled Memory Allocation via string.pad_left/pad_right Allows Remote Denial of Service
Summary The built-in string.padleft and string.padright template functions in Scriban perform no validation on the width parameter, allowing a template expression to allocate arbitrarily large strings in a single call. When Scriban is exposed to untrusted template input — as in the official...
GHSA-V66J-X4HW-FV9G Scriban: Uncontrolled Memory Allocation via string.pad_left/pad_right Allows Remote Denial of Service
Summary The built-in string.padleft and string.padright template functions in Scriban perform no validation on the width parameter, allowing a template expression to allocate arbitrarily large strings in a single call. When Scriban is exposed to untrusted template input — as in the official...
CVE-2012-4885
The wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to cause a denial of service infinite loop via certain input, as demonstrated by the padleft function...
DEBIAN-CVE-2012-4885
The wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to cause a denial of service infinite loop via certain input, as demonstrated by the padleft function...
Input validation
The wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to cause a denial of service infinite loop via certain input, as demonstrated by the padleft function...
CVE-2012-4885
The wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to cause a denial of service infinite loop via certain input, as demonstrated by the padleft function...