15 matches found
Malicious Package
Overview: strapi-plugin-blurhash is a malicious package. This package contains malicious code that conceals a command-and-control agent and credential harvester. A malicious actor published a coordinated campaign of thirty-six packages disguised as community Strapi CMS plugins. These packages aren...
EUVD-2023-2491
Malicious code in bioql PyPI...
CVE-2023-42447
blurhash-rs is a pure Rust implementation of Blurhash, software for encoding images into ASCII strings that can be turned into a gradient of colors representing the original image. In version 0.1.1, the blurhash parsing code may panic due to multiple panic-guarded out-of-bounds accesses on...
blurhash-cli (>=0.1.0 <=0.1.1), yozuk-core-skillset (>=0.16.3 <=0.22.11) +1 more potentially affected by CVE-2023-42447 via blurhash (=0.1.1)
blurhash CARGO version =0.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on blurhash and may be impacted: - blurhash-cli =0.1.0, =0.16.3, =0.16.0, =0.22.11 Source cves: CVE-2023-42447 Source advisory: OSV:GHSA-CXVP-82CQ-57H2...
GHSA-CXVP-82CQ-57H2 blurhash panics on parsing crafted inputs
Impact: The blurhash parsing code may panic due to multiple panic-guarded out-of-bounds accesses on untrusted input. In a typical deployment, this may get triggered by feeding maliciously crafted blurhashes over the network. These may include: - UTF-8 compliant strings containing multi-byte UTF-...
blurhash panics on parsing crafted inputs
Impact: The blurhash parsing code may panic due to multiple panic-guarded out-of-bounds accesses on untrusted input. In a typical deployment, this may get triggered by feeding maliciously crafted blurhashes over the network. These may include: - UTF-8 compliant strings containing multi-byte UTF-...
CVE-2023-42447
blurhash-rs is a pure Rust implementation of Blurhash, software for encoding images into ASCII strings that can be turned into a gradient of colors representing the original image. In version 0.1.1, the blurhash parsing code may panic due to multiple panic-guarded out-of-bounds accesses on...
CVE-2023-42447
CVE-2023-42447 affects blurhash-rs, a Rust implementation of Blurhash. The vulnerability arises in the 0.1.1 parsing code, which may panic due to multiple panic-guarded out-of-bounds accesses on untrusted input (including UTF-8 multi-byte characters) fed over the network. In practice, this could ...
CVE-2023-42447 blurhash panics on parsing crafted inputs
blurhash-rs is a pure Rust implementation of Blurhash, software for encoding images into ASCII strings that can be turned into a gradient of colors representing the original image. In version 0.1.1, the blurhash parsing code may panic due to multiple panic-guarded out-of-bounds accesses on...
CVE-2023-42447 blurhash panics on parsing crafted inputs
blurhash-rs is a pure Rust implementation of Blurhash, software for encoding images into ASCII strings that can be turned into a gradient of colors representing the original image. In version 0.1.1, the blurhash parsing code may panic due to multiple panic-guarded out-of-bounds accesses on...
CVE-2023-42447 blurhash panics on parsing crafted inputs
blurhash-rs is a pure Rust implementation of Blurhash, software for encoding images into ASCII strings that can be turned into a gradient of colors representing the original image. In version 0.1.1, the blurhash parsing code may panic due to multiple panic-guarded out-of-bounds accesses on...
blurhash: panic on parsing crafted blurhash inputs
Impact: The blurhash parsing code may panic due to multiple panic-guarded out-of-bounds accesses on untrusted input. In a typical deployment, this may get triggered by feeding maliciously crafted blurhashes over the network. These may include: - UTF-8 compliant strings containing multi-byte UTF-...
blurhash-cli (>=0.1.0 <=0.1.1), yozuk-core-skillset (>=0.16.3 <=0.22.11) +1 more potentially affected by CVE-2023-42447 via blurhash (=0.1.1)
blurhash CARGO version =0.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on blurhash and may be impacted: - blurhash-cli =0.1.0, =0.16.3, =0.16.0, =0.22.11 Source cves: CVE-2023-42447 Source advisory: OSV:RUSTSEC-2023-0083...
RUSTSEC-2023-0083 blurhash: panic on parsing crafted blurhash inputs
Impact: The blurhash parsing code may panic due to multiple panic-guarded out-of-bounds accesses on untrusted input. In a typical deployment, this may get triggered by feeding maliciously crafted blurhashes over the network. These may include: - UTF-8 compliant strings containing multi-byte UTF-...
blurhash-rs security vulnerability
blurhash-rs is a pure Rust implementation of Blurhash. A security vulnerability exists in blurhash-rs version 0.1.1, which stems from multiple panic-guarded out-of-bounds accesses on untrusted input, and may cause a panic in the blurhash parsing code...