121 matches found
Denial of service due to unlimited number of parts
Impact The multipart body parser accepts an unlimited number of file parts. The multipart body parser accepts an unlimited number of field parts. The multipart body parser accepts an unlimited number of empty parts as field parts. Patches This is fixed in v7.4.1 for Fastify v4.x and v6.0.1 for...
Design/Logic Flaw
Play Framework is a web framework for Java and Scala. A denial of service vulnerability has been discovered in verions 2.8.3 through 2.8.15 of Play's forms library, in both the Scala and Java APIs. This can occur when using either the FormbindFromRequest method on a JSON request body or the...
CVE-2022-31018 Denial of service binding form from JSON in Play Framework
Play Framework is a web framework for Java and Scala. A denial of service vulnerability has been discovered in verions 2.8.3 through 2.8.15 of Play's forms library, in both the Scala and Java APIs. This can occur when using either the FormbindFromRequest method on a JSON request body or the...
body-parser-xml code issue vulnerability
body-parser-xml is an XML body parser that converts incoming XML data into a JSON representation. a code issue vulnerability exists in body-parser-xml, which stems from an error in the product's implementation of certain functionality. No details of the vulnerability are currently available...
GHSA-2GHC-6V89-PW9J body-parser-xml vulnerable to Prototype Pollution
body-parser-xml is vulnerable to Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution'...
@hosoft/restful-api-framework (>=1.0.1 <=1.5.3), @iamkenos/fragile (>=0.1.1 <=0.1.5) +28 more potentially affected by CVE-2021-3666 via body-parser-xml (>=1.1.0 <=2.0.1)
body-parser-xml NPM version =1.1.0, =1.0.1, =0.1.1, =1.229.0, =0.0.8, =0.1.0, =0.1.4, =0.1.0, =0.8.2-alpha.2, =0.0.10, =1.0.0, =0.0.1, =0.0.1, =0.0.1, =0.1.0 - hubot-wework =0.1.0 and more Source cves: CVE-2021-3666 Source advisory: OSV:GHSA-2GHC-6V89-PW9J...
body-parser-xml vulnerable to Prototype Pollution
body-parser-xml is vulnerable to Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution'...
CVE-2021-3666
body-parser-xml is vulnerable to Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution'...
CVE-2021-3666
body-parser-xml is vulnerable to Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution'...
CVE-2021-3666 Prototype Pollution in fiznool/body-parser-xml
body-parser-xml is vulnerable to Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution'...
CVE-2021-3666
CVE-2021-3666 : Vulnerability in body-parser-xml (prototype pollution via Improperly Controlled Modification of Object Prototype Attributes). Multiple connected sources confirm this CVE; CVSS details (3.1) show a NETWORK attack vector, no privileges required, no user interaction, and high impact ...
@iamkenos/fragile (>=0.1.1 <=0.1.5) potentially affected by CVE-2021-3666 via body-parser-xml (=2.0.1)
body-parser-xml NPM version =2.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on body-parser-xml and may be impacted: - @iamkenos/fragile =0.1.1, =0.1.5 Source cves: CVE-2021-3666 Source advisory: SNYK:JS-BODYPARSERXML-1584211...
Prototype Pollution
Overview body-parser-xml is a XML parser middleware for express.js. Affected versions of this package are vulnerable to Prototype Pollution. The prototype of req.body can be polluted. PoC const express = require'express'; const bodyParser = require'body-parser'; require'body-parser-xml'bodyParser...
GHSA-JQFH-8HW5-FQJR Improper Handling of Exceptional Conditions in detect-character-encoding
Impact In detect-character-encoding v0.6.0 and earlier, data matching no charset causes the Node.js process to crash. Patches The problem has been patched in detect-character-encoding v0.7.0. CVSS score CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/RL:O/RC:C Base Score: 7.5 High Temporal Score: 7....
Prototype Pollution
body-parser-xml is vulnerable to prototype pollution. An attacker is able to exploit the vulnerability to inject arbitrary properties into existing construct prototypes and modify attributes such as proto, constructor and prototype in the index.js...
Out-of-bounds
The multi-part body parser in PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted packet...
CVE-2017-9359
CVE-2017-9359 affects the PJProject/PJSIP multi-part body parser used by Asterisk Open Source (13.x prior to 13.15.1; 14.x prior to 14.4.1) and Certified Asterisk (and other products). The vulnerability arises in the body parser handling crafted packets, allowing remote attackers to cause a denia...
Asterisk Multiple DoS Vulnerabilities (May 2017)
Asterisk is prone to multiple denial of service DoS vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
FreeBSD : asterisk -- Buffer Overrun in PJSIP transaction layer (0537afa3-3ce0-11e7-bf9d-001999f8d30b)
The Asterisk project reports : A remote crash can be triggered by sending a SIP packet to Asterisk with a specially crafted CSeq header and a Via header with no branch parameter. The issue is that the PJSIP RFC 2543 transaction key generation algorithm does not allocate a large enough buffer. By...
asterisk -- Buffer Overrun in PJSIP transaction layer
The Asterisk project reports: A remote crash can be triggered by sending a SIP packet to Asterisk with a specially crafted CSeq header and a Via header with no branch parameter. The issue is that the PJSIP RFC 2543 transaction key generation algorithm does not allocate a large enough buffer. By...