2 matches found
rubygem-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser
A flaw was found in the websocket-extensions ruby module in versions prior to 0.1.5. The parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and another character. When abused by an...
Arduino JSON 'extractFrom' function denial of service vulnerability
Arduino JSON is a JSON library that runs on embedded systems. A security vulnerability in the 'extractFrom' function in the Internals/QuotedString.cpp script for Arduino JSON allows a remote attacker to submit a JSON string with a special termination character followed by the ' \ ' character afte...