@runspace/ataraxia-auth (=0.0.0), @runspace/cli (>=0.1.6 <=0.1.8) +19 more potentially affected by unknown CVE via @stablelib/cbor (>=1.0.1 <=1.0.2)

@stablelib/cbor NPM version =1.0.1, =0.1.6, =0.1.3, =0.0.1, =0.1.0, =1.0.0, =1.0.0, =0.8.0, =0.9.0, =0.9.0, =0.8.0, =0.8.0, =0.8.0, =0.11.0, =0.11.0, =0.12.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-W48F-FWG7-WW6P...

CVE-2020-24753

A memory corruption vulnerability in Objective Open CBOR Run-time oocborrt in versions before 2020-08-12 could allow an attacker to execute code via crafted Concise Binary Object Representation CBOR input to the cbor2json decoder. An uncaught error while decoding CBOR Major Type 3 text strings...

EUVD-2022-0486

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2019-25001

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the serdecbor crate before 0.10.2 for Rust. The CBOR deserializer can cause stack consumption via nested semantic tags. CVE-2019-2500...

ch.admin.bag.covidcertificate:sdk-core (>=1.1.0-dev-3 <=3.3.0-dev-54), com.augustcellars.cose:cose-java (>=1.0.0 <=1.1.0) +28 more potentially affected by CVE-2024-23684 via com.upokecenter:cbor (>=4.0.0 <=4.5)

com.upokecenter:cbor MAVEN version =4.0.0, =1.1.0-dev-3, =1.0.0, =1.2.0, =1.2.0, =1.5.0, =1.5.0, =1.5.0, =6.3.0-RC3, =6.3.0-RC3, =6.3.0-RC3, =1.7.1, =2.3.1, =2.4.0, =3.2.0 and more Source cves: CVE-2024-23684 Source advisory: OSV:GHSA-FJ2W-WFGV-MWQ6...

Boa (>=0.4.0 <=0.13.1), HPGO (=0.9.2) +3707 more potentially affected by unknown CVE via serde_cbor (>=0.10.2 <=0.9.0)

serdecbor CARGO version =0.10.2, =0.4.0, =0.1.0, =0.1.0, =0.1.0, =0.0.2, =0.4.1, =0.8.0, =0.9.0, =0.1.0, =0.1.0, =1.0.0, =1.0.3 - accurate =0.3.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2021-0127...

Denial Of Service (ReDoS)

cbor is vulnerable to denial of service. An attacker is able to cause the package to consume excess system resources resulting in an application crash using deeply nested references or multiple same reference to the same object...

com.augustcellars.cose:cose-java (>=0.9.0 <=0.9.10), com.github.karasiq:nanoboard_2.11 (>=1.2.0 <=1.3.0) +6 more potentially affected by unknown CVE via com.upokecenter:cbor (>=2.4.1 <=3.6.0)

com.upokecenter:cbor MAVEN version =2.4.1, =0.9.0, =1.2.0, =1.3.1, =1.0.0, =1.0.0, =1.4.0, =2.0.0-M14, =2.0.0-RC1 Source cves: unknown CVE Source advisory: OSV:GHSA-MM44-WC5P-WQHQ...