2 matches found
Security Bulletin: IBM DataPower Gateway vulnerable to Denial of Service due to qs (CVE-2025-15284)
Summary The qs package is used in the Gateway Director and UI components. Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs: 6.14.1. Summary The arrayLimit option in qs did not enforce limits f...
Unbounded iteration over all indexes
Handle Dravee Vulnerability details Impact The transactions could fail if the array get too big and the transaction would consume more gas than the block limit. This will then result in a denial of service for the desired functionality and break core functionality. Proof of Concept Tools Used VS...