411 matches found
MAL-2024-5358 Malicious code in message-serializer (PyPI)
--- -= Per source details. Do not edit below this line.=-...
XML External Entity (XXE) Injection
symfony/serializer is vulnerable to XML External Entity (XXE) injection. This vulnerability is due to the failure to disable external entities when parsing XML using the XMLEncoder component, which allows an attacker to include arbitrary files from the file system by exploiting the XXE injection fl...
Fedora: Security Advisory for rust-pythonize (FEDORA-2024-d408b654d6)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for rust-pythonize (FEDORA-2024-3ff83cb806)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 40 Update: rust-pythonize-0.21.1-1.fc40
Serde Serializer & Deserializer from Rust <--> Python, backed by PyO3...
[SECURITY] Fedora 38 Update: rust-pythonize-0.21.1-1.fc38
Serde Serializer & Deserializer from Rust <--> Python, backed by PyO3...
[SECURITY] Fedora 39 Update: rust-pythonize-0.21.1-1.fc39
Serde Serializer & Deserializer from Rust <--> Python, backed by PyO3...
BIT-SYMFONY-2021-41270
Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Symfony versions 4.1.0 before 4.4.35 and versions 5.0.0 before 5.3.12 are vulnerable to CSV injection, also known as formula...
BIT-DISCOURSE-2023-48297 Discourse vulnerable to unlimited mentioned users in message serializer
Discourse is a platform for community discussion. The message serializer uses the full list of expanded chat mentions @all and @here which can lead to a very long array of users. This issue was patched in versions 3.1.4 and beta 3.2.0.beta5...
Discourse Denial of Service Vulnerability
Discourse is an open source community discussion platform. The platform includes features such as community, email and chat rooms. Discourse suffers from a denial of service vulnerability that stems from the ability to create very long user arrays in the message serializer, which can be exploited...
Embedchain Security Breach
Embedchain is an open source RAG framework from Embedchain Open Source. A security vulnerability exists in Embedchain versions prior to 0.1.57. An attacker exploited the vulnerability to conduct a regular expression denial of service attack via a long string in json.py...
CVE-2023-48297
Discourse is a platform for community discussion. The message serializer uses the full list of expanded chat mentions @all and @here which can lead to a very long array of users. This issue was patched in versions 3.1.4 and beta 3.2.0.beta5...
Code injection
Discourse is a platform for community discussion. The message serializer uses the full list of expanded chat mentions @all and @here which can lead to a very long array of users. This issue was patched in versions 3.1.4 and beta 3.2.0.beta5...
CVE-2023-48297 Discourse vulnerable to unlimited mentioned users in message serializer
Discourse is a platform for community discussion. The message serializer uses the full list of expanded chat mentions @all and @here which can lead to a very long array of users. This issue was patched in versions 3.1.4 and beta 3.2.0.beta5...
CVE-2023-48297 Discourse vulnerable to unlimited mentioned users in message serializer
Discourse is a platform for community discussion. The message serializer uses the full list of expanded chat mentions @all and @here which can lead to a very long array of users. This issue was patched in versions 3.1.4 and beta 3.2.0.beta5...
CVE-2023-48297
Discourse vulnerability CVE-2023-48297 affects the message serializer that expands chat mentions (@all/@here). The implementation can generate a very large array of users, enabling a denial of service as stated in the CVE description. The issue was patched in Discourse versions 3.1.4 and in the b...
CVE-2023-48297 Discourse vulnerable to unlimited mentioned users in message serializer
Discourse is a platform for community discussion. The message serializer uses the full list of expanded chat mentions @all and @here which can lead to a very long array of users. This issue was patched in versions 3.1.4 and beta 3.2.0.beta5...
Discourse Security Vulnerability
Discourse is an open source community discussion platform. The platform includes features such as community, email and chat rooms. Discourse suffers from a denial of service vulnerability that stems from the ability to create very long user arrays in the message serializer, which can be exploited...
Malicious code in lwc-jest-serializer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c88fb0df21e3f633176d1aa6411b5fa4bb5175518fe00ea39ededf35bf8823de Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-75 Malicious code in lwc-jest-serializer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c88fb0df21e3f633176d1aa6411b5fa4bb5175518fe00ea39ededf35bf8823de Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...