Lucene search
K

4 matches found

Snyk
Snyk
added 2026/02/12 3:29 p.m.4 views

Incomplete Cleanup

Overview Affected versions of this package are vulnerable to Incomplete Cleanup due to the improper cleanup of the streams map. An attacker can cause unbounded memory consumption by repeatedly creating and closing a large number of streams, leading to resource exhaustion. Remediation Upgrade...

6.9CVSS5.6AI score0.00366EPSS
Exploits0References3
Snyk
Snyk
added 2025/04/09 5:5 p.m.1 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when processing large EXIF data structures. An attacker can cause denial of service by sending malicious images. Remediation Upgrade github.com/bep/imagemeta to version 0.10.0 or...

8.7CVSS6.9AI score0.00161EPSS
Exploits0References3
Snyk
Snyk
added 2020/02/04 1:19 p.m.4 views

Command Injection

Overview promise-probe is a FFprobe wrapper. Affected versions of this package are vulnerable to Command Injection via the ffprobefile and createMuteOggoutputFile, options functions. file,outputFile,options can be controlled by users without any sanitization PoC by JHU System Security Lab js var...

9.8CVSS7.2AI score0.01968EPSS
Exploits1References2
Snyk
Snyk
added 2017/09/13 10:0 p.m.4 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the REST server. An attacker can execute commands as the user by producing a malicious link that, if clicked while the user is logged in, exploits the server. PoC Attacker puts something like this int...

8.8CVSS8.8AI score0.01318EPSS
Exploits0References2
Rows per page
Query Builder