10 matches found
NPM: Svelte devalue: DoS via sparse array deserialization
NPM: Svelte devalue: DoS via sparse array deserialization vulnerability discovered by ? in WordPress Npm devalue versions = 5.6.3, = 5.8.0...
CVE-2026-23957
Summary (CVE-2026-23957) : The vulnerability affects the Seroval library, where an attacker can cause notably increased processing time during deserialization by overriding encoded array lengths with an excessively large value. This leads to a Denial of Service condition for versions 1.4.0 and ea...
CVE-2026-23957 seroval is vulnerable to Denial of Service via array serialization
seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, overriding encoded array lengths by replacing them with an excessively large value causes the deserialization process to significantly increase processing...
jackson-databind: use of deeply nested arrays
A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer.deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices...
CVE-2018-17480
Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...
CVE-2018-17480
CVE-2018-17480 is a Chrome/Chromium vulnerability in the V8 JavaScript engine: an out-of-bounds write that could enable remote code execution inside the sandbox via a crafted HTML page. Connected advisories confirm the impact across Chromium-based browsers and list the fixed-upstream version as 7...
CVE-2018-17480
Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...
CVE-2018-17480
Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Recent assessments: Assessed Attacker Value: 0 Assessed...
chromium-browser: Out of bounds write in V8
Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...
CVE-2018-17480
Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...