Lucene search
K

121 matches found

github
github
added 2023/02/14 9:49 p.m.25 views

Denial of service due to unlimited number of parts

Impact The multipart body parser accepts an unlimited number of file parts. The multipart body parser accepts an unlimited number of field parts. The multipart body parser accepts an unlimited number of empty parts as field parts. Patches This is fixed in v7.4.1 for Fastify v4.x and v6.0.1 for...

7.5CVSS7.2AI score0.01463EPSS
Exploits0References7Affected Software1
prion
prion
added 2022/06/02 5:15 p.m.21 views

Design/Logic Flaw

Play Framework is a web framework for Java and Scala. A denial of service vulnerability has been discovered in verions 2.8.3 through 2.8.15 of Play's forms library, in both the Scala and Java APIs. This can occur when using either the FormbindFromRequest method on a JSON request body or the...

5CVSS7.5AI score0.01573EPSS
Exploits0References3Affected Software1
vulnrichment
vulnrichment
added 2022/06/02 4:45 p.m.7 views

CVE-2022-31018 Denial of service binding form from JSON in Play Framework

Play Framework is a web framework for Java and Scala. A denial of service vulnerability has been discovered in verions 2.8.3 through 2.8.15 of Play's forms library, in both the Scala and Java APIs. This can occur when using either the FormbindFromRequest method on a JSON request body or the...

7.5CVSS7.5AI score0.01573EPSS
Exploits0References3
cnvd
cnvd
added 2021/09/15 12:0 a.m.17 views

body-parser-xml code issue vulnerability

body-parser-xml is an XML body parser that converts incoming XML data into a JSON representation. a code issue vulnerability exists in body-parser-xml, which stems from an error in the product's implementation of certain functionality. No details of the vulnerability are currently available...

9.8CVSS3.5AI score0.01299EPSS
Exploits1References1
osv
osv
added 2021/09/14 8:25 p.m.76 views

GHSA-2GHC-6V89-PW9J body-parser-xml vulnerable to Prototype Pollution

body-parser-xml is vulnerable to Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution'...

7.6CVSS9.4AI score0.01299EPSS
Exploits1References4
vulnersosv
vulnersosv
added 2021/09/14 8:25 p.m.6 views

@hosoft/restful-api-framework (>=1.0.1 <=1.5.3), @iamkenos/fragile (>=0.1.1 <=0.1.5) +28 more potentially affected by CVE-2021-3666 via body-parser-xml (>=1.1.0 <=2.0.1)

body-parser-xml NPM version =1.1.0, =1.0.1, =0.1.1, =1.229.0, =0.0.8, =0.1.0, =0.1.4, =0.1.0, =0.8.2-alpha.2, =0.0.10, =1.0.0, =0.0.1, =0.0.1, =0.0.1, =0.1.0 - hubot-wework =0.1.0 and more Source cves: CVE-2021-3666 Source advisory: OSV:GHSA-2GHC-6V89-PW9J...

9.8CVSS7.1AI score0.01299EPSS
Exploits1
github
github
added 2021/09/14 8:25 p.m.59 views

body-parser-xml vulnerable to Prototype Pollution

body-parser-xml is vulnerable to Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution'...

9.8CVSS8.9AI score0.01299EPSS
Exploits1References4Affected Software1
nvd
nvd
added 2021/09/13 6:15 p.m.13 views

CVE-2021-3666

body-parser-xml is vulnerable to Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution'...

9.8CVSS0.01299EPSS
Exploits1References2
osv
osv
added 2021/09/13 6:15 p.m.15 views

CVE-2021-3666

body-parser-xml is vulnerable to Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution'...

9.8CVSS9.4AI score
Exploits0References2
cvelist
cvelist
added 2021/09/13 5:56 p.m.18 views

CVE-2021-3666 Prototype Pollution in fiznool/body-parser-xml

body-parser-xml is vulnerable to Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution'...

7.6CVSS9.7AI score0.01299EPSS
Exploits1References2
cve
cve
added 2021/09/13 5:56 p.m.55 views

CVE-2021-3666

CVE-2021-3666 : Vulnerability in body-parser-xml (prototype pollution via Improperly Controlled Modification of Object Prototype Attributes). Multiple connected sources confirm this CVE; CVSS details (3.1) show a NETWORK attack vector, no privileges required, no user interaction, and high impact ...

9.8CVSS8.6AI score0.01299EPSS
Exploits1References2Affected Software1
vulnersosv
vulnersosv
added 2021/09/12 11:30 a.m.4 views

@iamkenos/fragile (>=0.1.1 <=0.1.5) potentially affected by CVE-2021-3666 via body-parser-xml (=2.0.1)

body-parser-xml NPM version =2.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on body-parser-xml and may be impacted: - @iamkenos/fragile =0.1.1, =0.1.5 Source cves: CVE-2021-3666 Source advisory: SNYK:JS-BODYPARSERXML-1584211...

9.8CVSS7.1AI score0.01299EPSS
Exploits1
snyk
snyk
added 2021/09/12 11:30 a.m.2 views

Prototype Pollution

Overview body-parser-xml is a XML parser middleware for express.js. Affected versions of this package are vulnerable to Prototype Pollution. The prototype of req.body can be polluted. PoC const express = require'express'; const bodyParser = require'body-parser'; require'body-parser-xml'bodyParser...

9.8CVSS8.3AI score0.01299EPSS
Exploits1References2
osv
osv
added 2021/08/25 2:44 p.m.15 views

GHSA-JQFH-8HW5-FQJR Improper Handling of Exceptional Conditions in detect-character-encoding

Impact In detect-character-encoding v0.6.0 and earlier, data matching no charset causes the Node.js process to crash. Patches The problem has been patched in detect-character-encoding v0.7.0. CVSS score CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/RL:O/RC:C Base Score: 7.5 High Temporal Score: 7....

7.5CVSS7.4AI score0.02068EPSS
Exploits1References6
veracode
veracode
added 2021/05/24 9:48 a.m.15 views

Prototype Pollution

body-parser-xml is vulnerable to prototype pollution. An attacker is able to exploit the vulnerability to inject arbitrary properties into existing construct prototypes and modify attributes such as proto, constructor and prototype in the index.js...

9.8CVSS4AI score0.01299EPSS
Exploits1References4Affected Software1
prion
prion
added 2017/06/02 5:29 a.m.13 views

Out-of-bounds

The multi-part body parser in PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted packet...

5CVSS6.9AI score0.03796EPSS
Exploits0References5Affected Software2
cve
cve
added 2017/06/02 5:4 a.m.61 views

CVE-2017-9359

CVE-2017-9359 affects the PJProject/PJSIP multi-part body parser used by Asterisk Open Source (13.x prior to 13.15.1; 14.x prior to 14.4.1) and Certified Asterisk (and other products). The vulnerability arises in the body parser handling crafted packets, allowing remote attackers to cause a denia...

7.5CVSS7.1AI score0.03796EPSS
Exploits0References5Affected Software1
openvas
openvas
added 2017/05/23 12:0 a.m.19 views

Asterisk Multiple DoS Vulnerabilities (May 2017)

Asterisk is prone to multiple denial of service DoS vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.5CVSS7.5AI score0.03989EPSS
Exploits0References3
nessus
nessus
added 2017/05/22 12:0 a.m.13 views

FreeBSD : asterisk -- Buffer Overrun in PJSIP transaction layer (0537afa3-3ce0-11e7-bf9d-001999f8d30b)

The Asterisk project reports : A remote crash can be triggered by sending a SIP packet to Asterisk with a specially crafted CSeq header and a Via header with no branch parameter. The issue is that the PJSIP RFC 2543 transaction key generation algorithm does not allocate a large enough buffer. By...

5.7AI score
Exploits0References3
freebsd
freebsd
added 2017/04/12 12:0 a.m.24 views

asterisk -- Buffer Overrun in PJSIP transaction layer

The Asterisk project reports: A remote crash can be triggered by sending a SIP packet to Asterisk with a specially crafted CSeq header and a Via header with no branch parameter. The issue is that the PJSIP RFC 2543 transaction key generation algorithm does not allocate a large enough buffer. By...

2.1AI score
Exploits0References2
Rows per page
Query Builder