44 matches found

Node.js
added 2018/01/25 5:2 p.m., 91 views

Fastify denial-of-service vulnerability with large JSON payloads

Overview: Affected versions of fastify are vulnerable to a denial of service when processing a request with Content-Type set to application/json and a very large payload. Recommendation: Update to version 0.38.0 or later. References: Commit fabd2a0, HackerOne Report 303632, GitHub Advisory...

5 CVSS, 4.6 AI score, 0.01799 EPSS
Exploits: 1, Affected Software: 1
Hacker One
added 2017/07/02 3:0 p.m., 218 views

WakaTime: JSON CSRF on POST Heartbeats API

Thanks @sp1d3rs! WakaTime API used JSON for communications and supported cookie-based authentication/CSRF protection on https://api.wakatime.com. Usually, JSON is CSRF-safe, but only when requests with content-type other than application/json get rejected or additional CSRF protection is in plac...

7.1 AI score
Exploits: 0
Tenable Nessus
added 2016/04/01 12:0 a.m., 20 views

Fedora 23 : kubernetes-1.2.0-0.15.alpha6.gitf0cd09a.fc23 (2016-a89f5ce5f4)

Update to origin 1.1.3, disable v1beta1, v1beta3, fix application/json content type, don't let hyperkube to parse flags for all commands make it optional ---- Update to origin 1.1.3, disable v1beta1, v1beta3, fix application/json content type, don't let hyperkube to parse flags ---- Update to...

5.5 AI score
Exploits: 0, References: 8
FreeBSD
added 2015/06/22 12:0 a.m., 32 views

devel/ipython -- remote execution

Kyle Kelley reports: Summary: JSON error responses from the IPython notebook REST API contained URL parameters and were incorrectly reported as text/html instead of application/json. The error messages included some of these URL params, resulting in a cross site scripting attack. This affects use...

6.1 CVSS, 6.6 AI score, 0.01762 EPSS
Exploits: 0, References: 1