3 matches found
Researchers Uncover Flaws in Python Package for AI Models and PDF.js Used by Firefox
A critical security flaw has been disclosed in the llama_cpp_python Python package that could be exploited by threat actors to achieve arbitrary code execution. Tracked as CVE-2024-34359 (CVSS score: 9.7), the flaw has been codenamed Llama Drama by software supply chain security firm Checkmarx. "If...
GHSA-GPW9-FWM8-7RX7 DoS vulnerability for apps with sockets enabled
Impact: In Sails apps <=v1.5.6, an attacker can send a virtual request that will cause the node process to crash. Patches: This behavior was fixed in Sails v1.5.7. Workarounds: Disable the sockets hook and remove the sails.io.js client. References: https://github.com/balderdashy/sails/pull/7287 Big than...
engine.io Uncaught Exception vulnerability
Impact: A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. TypeError: Cannot read properties of undefined (reading 'handlesUpgrades') at Server.onWebSocket (build/server.js:515:67) This impacts all the users of the engine.io...