610 matches found
CVE-2026-48862
Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client via PUSHPROMISE flooding. In lib/mint/http2.ex, Mint.HTTP2.decodepushpromiseheadersandaddresponse/5 inserts a :reservedremote entry...
CVE-2026-48862 Unbounded conn.streams growth in Mint HTTP/2 client via unenforced PUSH_PROMISE concurrency
Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client via PUSHPROMISE flooding. In lib/mint/http2.ex, Mint.HTTP2.decodepushpromiseheadersandaddresponse/5 inserts a :reservedremote entry...
EEF-CVE-2026-48862 Unbounded conn.streams growth in Mint HTTP/2 client via unenforced PUSH_PROMISE concurrency
Summary Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client via PUSHPROMISE flooding. In lib/mint/http2.ex, Mint.HTTP2.decodepushpromiseheadersandaddresponse/5 inserts a :reservedremote...
CVE-2026-48862
Mint’s HTTP/2 client is vulnerable to unbounded growth of conn.streams due to PUSH_PROMISE handling. In Mint.HTTP2.decode_push_promise_headers_and_add_response/5, a :reserved_remote entry is created for every promised stream ID, and assert_valid_promised_stream_id/2 only checks that the ID is eve...
CVE-2026-48862
Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client via PUSHPROMISE flooding. In lib/mint/http2.ex, Mint.HTTP2.decodepushpromiseheadersandaddresponse/5 inserts a :reservedremote entry...
CVE-2026-48862 Unbounded conn.streams growth in Mint HTTP/2 client via unenforced PUSH_PROMISE concurrency
Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client via PUSHPROMISE flooding. In lib/mint/http2.ex, Mint.HTTP2.decodepushpromiseheadersandaddresponse/5 inserts a :reservedremote entry...
EUVD-2026-33939
Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client via PUSHPROMISE flooding. In lib/mint/http2.ex, Mint.HTTP2.decodepushpromiseheadersandaddresponse/5 inserts a :reservedremote entry...
PT-2026-45785
Summary Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client via PUSH PROMISE flooding. In lib/mint/http2.ex, Mint.HTTP2.decode push promise headers and add response/5 inserts a :reserve...
Mint 安全漏洞
Mint is a functional underlying HTTP client library developed by Elixir Mint. Versions of Mint from 0.2.0 to 1.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the HTTP/2 server’s ability to insert unlimited entries through the PUSHPROMISE frame, which could lead to memo...
vm2 sandbox escape via JSPI-backed Promise `.finally()` species bypass
Summary A sandbox escape vulnerability in vm2 allows arbitrary code execution in the host process when untrusted code is executed with async support on runtimes exposing WebAssembly JSPI WebAssembly.promising / WebAssembly.Suspending. In the tested configuration, a JSPI-backed Promise can reach...
GHSA-76W7-J9CQ-RX2J vm2 is Vulnerable to Sandbox Breakout Through Promise Species
Summary VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. Details The localPromise constructor was changed to call this.thenundefined, eater to ensure a rejected promise i...
vm2 is Vulnerable to Sandbox Breakout Through Promise Species
Summary VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. Details The localPromise constructor was changed to call this.thenundefined, eater to ensure a rejected promise i...
ROS-20260529-73-0010
The vulnerability of JavaScript script handlers in Mozilla Firefox, Firefox ESR, and the email client Thunderbird lies in the issue of writing beyond the buffer boundaries in memory during the processing of Promise objects. Exploiting this vulnerability allows a malicious actor to execute arbitra...
PT-2026-45032
Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.4 Description A sandbox escape allows arbitrary code execution in the host process when untrusted code is executed with async support on runtimes exposing WebAssembly JSPI WebAssembly JavaScript Promise Integration,...
CVE-2026-44001
A flaw was found in vm2 before 3.11.0. Sandboxed code can crash the host Node.js process via a Promise constructor that triggers an unhandled rejection propagating to the host; the CVE-2026-22709 fix only sanitized .then/.catch callbacks, not the executor path. Fixed in 3.11.0...
NPM: Svelte: SSR XSS via Insecure Promise Serialization in hydratable
NPM: Svelte: SSR XSS via Insecure Promise Serialization in hydratable vulnerability discovered by ? in WordPress Npm svelte versions = 5.46.0, = 5.55.6...
GHSA-F3CJ-J4F6-WQ85 Svelte: SSR XSS via Insecure Promise Serialization in hydratable
Contents of hydratable promises were not properly stringified, potentially leading to an XSS exploit. You are vulnerable if all of the following is true: - you are using hydratable an experimental feature at the time of this report - you are passing attacker-controlled input such that a synchrono...
Svelte: SSR XSS via Insecure Promise Serialization in hydratable
Contents of hydratable promises were not properly stringified, potentially leading to an XSS exploit. You are vulnerable if all of the following is true: - you are using hydratable an experimental feature at the time of this report - you are passing attacker-controlled input such that a synchrono...
CVE-2026-44000
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, a sandbox boundary violation in vm2 allows host object identity to cross into the sandbox through host Promise resolution. When a host-side Promise that resolves to a host object is exposed to the sandbox, the value delivered to the...
CVE-2026-44001
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, a sandbox escape vulnerability in vm2 v3.10.5 allows any sandboxed code to crash the host Node.js process via a single Promise constructor that triggers an unhandled rejection propagating to the host. The fix for CVE-2026-22709 v3.10....