Lucene search
155 matches found

vulnersOsv
added 2024/11/12 8:48 p.m. | 0 views

Boa (>=0.13.0 <=0.13.1), arci-urdf-viz (>=0.0.7 <=0.1.0) +89 more potentially affected by unknown CVE via fast-float (=0.2.0)

fast-float CARGO version =0.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on fast-float and may be impacted: - Boa =0.13.0, =0.0.7, =0.1.0, =0.1.0, =0.1.2, =0.1.0, =0.19.0, =0.3.0, =0.4.1, =0.6.2, =0.3.2, =0.4.1, =0.3.2, =0.20.2 and more Source cves...

AI score 5.8
Exploits 0

OSV
added 2024/10/16 1:3 p.m. | 6 views

MAL-2024-9705 Malicious code in media-query-list-parser (npm)

--- -= Per source details. Do not edit below this line.=-...

AI score 7.1
Exploits 0

Vulnrichment
added 2024/05/13 3:50 p.m. | 12 views

CVE-2024-34698 Prototype Pollution in getQueryParam Function (URL Query Parser)

FreeScout is a free, self-hosted help desk and shared mailbox. Versions of FreeScout prior to 1.8.139 contain a Prototype Pollution vulnerability in the /public/js/main.js source file. The Prototype Pollution arises because the getQueryParam Function recursively merges an object containing...

CVSS 4.6 | AI score 6.8 | EPSS 0.00814
Exploits 1 | References 2

Cvelist
added 2024/05/13 3:50 p.m. | 16 views

CVE-2024-34698 Prototype Pollution in getQueryParam Function (URL Query Parser)

FreeScout is a free, self-hosted help desk and shared mailbox. Versions of FreeScout prior to 1.8.139 contain a Prototype Pollution vulnerability in the /public/js/main.js source file. The Prototype Pollution arises because the getQueryParam Function recursively merges an object containing...

CVSS 4.6 | AI score 5.1 | EPSS 0.00814
Exploits 1 | References 2

Spring Engineering
added 2023/03/21 12:0 a.m. | 12 views

Spring Data JPA introduces query parser!

The Problem One of Spring Data JPA’s handy features is letting you plug in custom JPA queries through its @Query annotation. This allows some flexibility because you are still able to offer sort parameters to the consumers of your app. Check out the example below: interface SampleRepository...

AI score 6.9
Exploits 0

F5 Networks
added 2023/02/21 8:0 p.m. | 101 views

K10631153: Apache Solr vulnerability CVE-2017-12629

Security Advisory Description Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to...

CVSS 9.8 | AI score 9 | EPSS 0.93891
Exploits 11

Veracode
added 2023/01/11 6:43 a.m. | 12 views

Denial Of Service (DoS)

github.com/revel/revel is vulnerable to denial of service attacks. Unsanitized input in the query parser in bindSlice function allows remote attackers to cause resource exhaustion via unbounded memory allocation resulting in denial of service...

CVSS 7.5 | AI score 7 | EPSS 0.01092
Exploits 1 | References 5 | Affected Software 1

OSV
added 2022/12/27 10:15 p.m. | 14 views

CVE-2020-36568

Unsanitized input in the query parser in github.com/revel/revel before v1.0.0 allows remote attackers to cause resource exhaustion via memory allocation...

CVSS 7.5 | AI score 7.4
Exploits 0 | References 4

OSV
added 2022/12/27 10:15 p.m. | 1 views

DEBIAN-CVE-2020-36568

Unsanitized input in the query parser in github.com/revel/revel before v1.0.0 allows remote attackers to cause resource exhaustion via memory allocation...

CVSS 7.5 | AI score 7.4 | EPSS 0.01092
Exploits 1 | References 1

NVD
added 2022/12/27 10:15 p.m. | 11 views

CVE-2020-36568

Unsanitized input in the query parser in github.com/revel/revel before v1.0.0 allows remote attackers to cause resource exhaustion via memory allocation...

CVSS 7.5 | EPSS 0.01092
Exploits 1 | References 4

Prion
added 2022/12/27 10:15 p.m. | 10 views

Memory corruption

Unsanitized input in the query parser in github.com/revel/revel before v1.0.0 allows remote attackers to cause resource exhaustion via memory allocation...

CVSS 5 | AI score 7.4 | EPSS 0.01092
Exploits 1 | References 4 | Affected Software 1

OSV
added 2022/12/27 10:15 p.m. | 0 views

UBUNTU-CVE-2020-36568

Unsanitized input in the query parser in github.com/revel/revel before v1.0.0 allows remote attackers to cause resource exhaustion via memory allocation...

CVSS 7.5 | AI score 7.1 | EPSS 0.01092
Exploits 1 | References 6

UbuntuCve
added 2022/12/27 10:15 p.m. | 16 views

CVE-2020-36568

Unsanitized input in the query parser in github.com/revel/revel before v1.0.0 allows remote attackers to cause resource exhaustion via memory allocation...

CVSS 7.5 | AI score 7.1 | EPSS 0.01092
Exploits 1 | References 5

CVE
added 2022/12/27 9:12 p.m. | 75 views

CVE-2020-36568

CVE-2020-36568 affects github.com/revel/revel, where the query parser accepts unsanitized input. The issue can trigger resource exhaustion via memory allocation, potentially impacting availability. Public details indicate exploitation would require network access and no user interaction. The vuln...

CVSS 7.5 | AI score 7.4 | EPSS 0.01092
Exploits 1 | References 4 | Affected Software 1

Cvelist
added 2022/12/27 9:12 p.m. | 10 views

CVE-2020-36568 Resource exhaustion in github.com/revel/revel

Unsanitized input in the query parser in github.com/revel/revel before v1.0.0 allows remote attackers to cause resource exhaustion via memory allocation...

AI score 7.4 | EPSS 0.01092
Exploits 1 | References 4

CNNVD
added 2022/11/26 12:0 a.m. | 2 views

qs security vulnerability

ljharb qs is a query string parser with nesting support by the individual developer Jordan Harband in the United States. A security vulnerability exists in versions prior to qs 6.10.3, which stems from parse ignoring the proto key, and can be exploited by an attacker to place an attack payload in...

CVSS 7.5 | AI score 7.9 | EPSS 0.01543
Exploits 2 | References 14

vulnersOsv
added 2021/04/13 3:41 p.m. | 3 views

@mongodb-js/compass-aggregations (>=0.0.20 <=4.1.0), @mongodb-js/compass-export-to-language (>=2.2.22 <=2.2.24) +4 more potentially affected by CVE-2020-24391 via mongodb-query-parser (>=0.0.1 <=1.5.0)

mongodb-query-parser NPM version =0.0.1, =0.0.20, =2.2.22, =0.0.3, =3.0.0, =1.0.3, =0.0.1, =0.4.2 Source cves: CVE-2020-24391 Source advisory: OSV:GHSA-HXMG-HM46-CF62...

CVSS 9.8 | AI score 7.2 | EPSS 0.92863
Exploits 0

vulnersOsv
added 2020/09/04 5:27 p.m. | 0 views

@mongodb-js/compass-aggregations (>=0.0.20 <=4.1.0), @mongodb-js/compass-export-to-language (>=2.2.22 <=2.2.24) +4 more potentially affected by unknown CVE via mongodb-query-parser (>=0.0.1 <=1.5.0)

mongodb-query-parser NPM version =0.0.1, =0.0.20, =2.2.22, =0.0.3, =3.0.0, =1.0.3, =0.0.1, =0.4.2 Source cves: unknown CVE Source advisory: OSV:GHSA-97MG-3CR6-3X4C...

AI score 5.8
Exploits 0

Github Security Blog
added 2020/09/04 5:27 p.m. | 19 views

Remote Code Execution in mongodb-query-parser

Versions of mongodb-query-parser prior to 2.0.0 are vulnerable to Remote Code Execution. The package fails to sanitize queries, allowing attackers to execute arbitrary code in the system. Parsing the following payload executes touch test-file: 'function return clearImmediate.constructor"return...

AI score 7
Exploits 0 | References 2 | Affected Software 1

OSV
added 2020/09/04 5:27 p.m. | 8 views

GHSA-97MG-3CR6-3X4C Remote Code Execution in mongodb-query-parser

Versions of mongodb-query-parser prior to 2.0.0 are vulnerable to Remote Code Execution. The package fails to sanitize queries, allowing attackers to execute arbitrary code in the system. Parsing the following payload executes touch test-file: 'function return clearImmediate.constructor"return...

AI score 8.3
Exploits 0 | References 1