4157 matches found
Serialization Injection Vulnerability
LangChain is vulnerable to a Serialization Injection Vulnerability. The vulnerability is due to improper handling of user-controlled objects containing lc keys in the toJSON serialization logic, which allows an attacker to inject crafted data that is mistakenly treated as a trusted LangChain obje...
Serialization Injection Vulnerability
langchaincore is vulnerable to a Serialization Injection Vulnerability. The vulnerability is due to the dumps and dumpd functions not escaping user-controlled dictionaries containing the internal lc key, which allows an attacker to craft malicious input that is interpreted as a trusted LangChain...
Withdrawn Advisory: eslint has a Stack Overflow when serializing objects with circular references
Withdrawn Advisory This advisory has been withdrawn because RuleTester is used for testing rules during development and results in a error rather than crashing the application. Original Description There is a Stack Overflow vulnerability in eslint before 9.26.0 when serializing objects with...
GHSA-P5WG-G6QR-C7CG Withdrawn Advisory: eslint has a Stack Overflow when serializing objects with circular references
Withdrawn Advisory This advisory has been withdrawn because RuleTester is used for testing rules during development and results in a error rather than crashing the application. Original Description There is a Stack Overflow vulnerability in eslint before 9.26.0 when serializing objects with...
Uncontrolled Recursion
Overview org.webjars.npm:eslint is a pluggable linting utility for JavaScript and JSX Affected versions of this package are vulnerable to Uncontrolled Recursion in the isSerializable function when handling objects with circular references during the serialization process. An attacker can cause th...
CVE-2025-50537
Stack overflow vulnerability in eslint before 9.26.0 when serializing objects with circular references in eslint/lib/shared/serialization.js. The exploit is triggered via the RuleTester.run method, which validates test cases and checks for duplicates. During validation, the internal function...
CVE-2025-50537
Stack overflow vulnerability in eslint before 9.26.0 when serializing objects with circular references in eslint/lib/shared/serialization.js. The exploit is triggered via the RuleTester.run method, which validates test cases and checks for duplicates. During validation, the internal function...
CVE-2025-50537
Stack overflow vulnerability in eslint before 9.26.0 when serializing objects with circular references in eslint/lib/shared/serialization.js. The exploit is triggered via the RuleTester.run method, which validates test cases and checks for duplicates. During validation, the internal function...
UBUNTU-CVE-2025-50537
Stack overflow vulnerability in eslint before 9.26.0 when serializing objects with circular references in eslint/lib/shared/serialization.js. The exploit is triggered via the RuleTester.run method, which validates test cases and checks for duplicates. During validation, the internal function...
CVE-2025-50537
Stack overflow vulnerability in eslint before 9.26.0 when serializing objects with circular references in eslint/lib/shared/serialization.js. The exploit is triggered via the RuleTester.run method, which validates test cases and checks for duplicates. During validation, the internal function...
CVE-2025-50537
Stack overflow vulnerability in eslint before 9.26.0 when serializing objects with circular references in eslint/lib/shared/serialization.js. The exploit is triggered via the RuleTester.run method, which validates test cases and checks for duplicates. During validation, the internal function...
Linux Distros Unpatched Vulnerability : CVE-2025-50537
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stack overflow vulnerability in eslint before 9.26.0 when serializing objects with circular references in eslint/lib/shared/serialization.js. The exploit is...
EUVD-2025-206359
Stack overflow vulnerability in eslint before 9.26.0 when serializing objects with circular references in eslint/lib/shared/serialization.js. The exploit is triggered via the RuleTester.run method, which validates test cases and checks for duplicates. During validation, the internal function...
CVE-2025-50537
Removed by vendor...
CVE-2025-50537
Stack overflow vulnerability in eslint before 9.26.0 when serializing objects with circular references in eslint/lib/shared/serialization.js. The exploit is triggered via the RuleTester.run method, which validates test cases and checks for duplicates. During validation, the internal function...
CVE-2025-50537
CVE-2025-50537 : The vulnerability affects eslint before 9.26.0, where serializing objects with circular references in eslint/lib/shared/serialization.js triggers infinite recursion in isSerializable() during RuleTester.run() validation, causing a stack overflow. Multiple sources (NVD, OSV, and C...
CVE-2026-24132
Orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Versions 7.19.0 and below and 8.0.0-rc.0 through 8.0.2 allow untrusted OpenAPI specifications to inject arbitrary TypeScript/JavaScript into generated mock files via the const keyword on schema...
CVE-2026-1299
The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email foldin...
AZL-75234 CVE-2026-1299 affecting package python3 3.12.9-8
The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email foldin...
AZL-75219 CVE-2026-1299 affecting package python3 for versions less than 3.9.19-18
The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email foldin...