
175 matches found

OSV
added 2024/07/10 5:15 a.m. · 0 views

CVE-2024-21521

All versions of the package @discordjs/opus are vulnerable to Denial of Service (DoS) due to providing an input object with a property toString to several different functions. Exploiting this vulnerability could lead to a system crash...

CVSS 7.5 · AI score 5.8
Exploits: 0 · References: 3
Vulnrichment
added 2024/07/10 5:0 a.m. · 12 views

CVE-2024-21521

All versions of the package @discordjs/opus are vulnerable to Denial of Service (DoS) due to providing an input object with a property toString to several different functions. Exploiting this vulnerability could lead to a system crash...

CVSS 7.5 · AI score 6.8 · EPSS 0.00222
Exploits: 0 · References: 3
Cvelist
added 2024/07/10 5:0 a.m. · 15 views

CVE-2024-21524

All versions of the package node-stringbuilder are vulnerable to Out-of-bounds Read due to incorrect memory length calculation, by calling ToBuffer, ToString, or CharAt on a StringBuilder object with a non-empty string value input. It's possible to return previously allocated memory, for example,...

CVSS 8.2 · EPSS 0.00211
Exploits: 1 · References: 3
CVE
added 2024/07/10 5:0 a.m. · 45 views

CVE-2024-21521

CVE-2024-21521 affects the @discordjs/opus package (native bindings to libopus). The vulnerability arises when an input object with a toString property is passed to several functions, potentially causing a system crash (DoS). If exploiting details are provided, they would be consistent with a Den...

CVSS 7.5 · AI score 7 · EPSS 0.00222
Exploits: 0 · References: 3
CNNVD
added 2024/07/10 12:0 a.m. · 2 views

opus security breach

opus is an open source native binding to libopus v1.3 by discord.js. A security vulnerability exists in opus that stems from supplying input objects with the toString attribute to several different functions, making it susceptible to denial of service (DoS) attacks...

CVSS 7.5 · AI score 6.7 · EPSS 0.00222
Exploits: 0 · References: 4
Positive Technologies
added 2024/07/10 12:0 a.m. · 4 views

PT-2024-18938 · Npm · Node-Stringbuilder

Name of the Vulnerable Software and Affected Versions: node-stringbuilder versions all
Description: The issue arises from incorrect memory length calculation in the node-stringbuilder package, leading to an Out-of-bounds Read. This occurs when methods such as ToBuffer, ToString, or CharAt are...

CVSS 9.1 · AI score 7.3 · EPSS 0.00211
Exploits: 1 · References: 13
Positive Technologies
added 2024/07/10 12:0 a.m. · 2 views

PT-2024-18935 · Unknown · @Discordjs/Opus

Name of the Vulnerable Software and Affected Versions: @discordjs/opus versions all
Description: The issue is related to a Denial of Service (DoS) condition that can occur when an input object with a toString property is provided to several different functions. This can lead to a system or process...

CVSS 8.7 · AI score 6.6 · EPSS 0.00222
Exploits: 0 · References: 11
Snyk
added 2024/02/20 2:13 p.m. · 2 views

Denial of Service (DoS)

Overview: @discordjs/opus is a native bindings to libopus. Affected versions of this package are vulnerable to Denial of Service (DoS) due to providing an input object with a property toString to several different functions. Exploiting this vulnerability could lead to a system crash. Details: Denial ...

CVSS 7.5 · AI score 7 · EPSS 0.00222
Exploits: 0 · References: 2
OSV
added 2023/07/20 2:54 p.m. · 31 views

GHSA-HHR9-RH25-HVF9 Feathers socket handler allows abusing implicit toString

Impact Feathers socket handler did not catch invalid string conversion errors like: ts const message = $ toString: '' Causing the NodeJS process to crash when sending an unexpected Socket.io message like ts socket.emit'find', toString: '' Patches A fix has been released in - v5.0.8 via 3241 -...

CVSS 7.5 · AI score 7.5 · EPSS 0.0027
Exploits: 1 · References: 9
Vulnrichment
added 2023/07/19 7:45 p.m. · 17 views

CVE-2023-37899 feathersjs socket handler allows abusing implicit toString

Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. Feathers socket handler did not catch invalid string conversion errors like const message = $ toString: '' which would cause the NodeJS process to crash when sending an unexpected Socket.io...

CVSS 7.5 · AI score 6.7 · EPSS 0.0027
Exploits: 1 · References: 5
Github Security Blog
added 2023/03/13 8:0 p.m. · 57 views

sqlite vulnerable to code execution due to Object coercion

Impact Due to the underlying implementation of .ToString, it's possible to execute arbitrary JavaScript, or to achieve a denial-of-service, if a binding parameter is a crafted Object. Users of sqlite3 v5.0.0 - v5.1.4 are affected by this. Patches Fixed in v5.1.5. All users are recommended to...

CVSS 9.8 · AI score 9.2 · EPSS 0.06854
Exploits: 1 · References: 5 · Affected Software: 1
SUSE CVE
added 2023/02/15 6:19 a.m. · 3 views

SUSE CVE-2005-0141

Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to load local files via links "with a custom getter and toString method" that are middle-clicked by the user to be opened in a new tab...

CVSS 2.6 · AI score 6.6 · EPSS 0.00749
Exploits: 0 · References: 3
SUSE CVE
added 2023/02/15 5:41 a.m. · 2 views

SUSE CVE-2013-0748

The XBL.proto.toString implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 makes it easier for remote attackers to bypass the ASLR...

CVSS 4.3 · AI score 8.9 · EPSS 0.00321
Exploits: 1 · References: 8
SUSE CVE
added 2023/02/15 5:40 a.m. · 9 views

SUSE CVE-2013-1488

The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to execute arbitrary code via unspecified vectors involving reflection, Libraries, "improper toString calls," and the JDBC driver manager, as demonstrated by James...

CVSS 10 · AI score 7.7 · EPSS 0.86252
Exploits: 10 · References: 6
SUSE CVE
added 2023/02/15 5:40 a.m. · 2 views

SUSE CVE-2013-1697

The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly restrict use of DefaultValue for method calls, which allows remote attackers to execute arbitrary JavaScript code with...

CVSS 9.3 · AI score 8.9 · EPSS 0.02642
Exploits: 0 · References: 12
SUSE CVE
added 2023/02/15 5:17 a.m. · 3 views

SUSE CVE-2015-4599

The SoapFault::toString method in ext/soap/soap.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information, cause a denial of service (application crash), or possibly execute arbitrary code via an unexpected data type, related to a...

CVSS 9.8 · AI score 9.3 · EPSS 0.06568
Exploits: 5 · References: 11
SUSE CVE
added 2023/02/15 5:12 a.m. · 2 views

SUSE CVE-2015-8438

Heap-based buffer overflow in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute...

CVSS 9.3 · AI score 8.3 · EPSS 0.07527
Exploits: 0 · References: 6
NVD
added 2022/07/12 7:15 p.m. · 7 views

CVE-2022-25875

The package svelte before 3.49.0 are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization and to improper escape of attributes when using objects during SSR (Server-Side Rendering). Exploiting this vulnerability is possible via objects with a custom toString function...

CVSS 6.1 · EPSS 0.00725
Exploits: 1 · References: 3
OSV
added 2022/07/12 7:15 p.m. · 10 views

CVE-2022-25875

The package svelte before 3.49.0 are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization and to improper escape of attributes when using objects during SSR (Server-Side Rendering). Exploiting this vulnerability is possible via objects with a custom toString function...

CVSS 6.1 · AI score 6.1
Exploits: 0 · References: 3
Prion
added 2022/07/12 7:15 p.m. · 13 views

Cross site scripting

The package svelte before 3.49.0 are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization and to improper escape of attributes when using objects during SSR (Server-Side Rendering). Exploiting this vulnerability is possible via objects with a custom toString function...

CVSS 4.3 · AI score 6 · EPSS 0.00725
Exploits: 1 · References: 3 · Affected Software: 1