979 matches found
Denial of Service (DoS)
Overview: fastify-multipart is a Multipart plugin for Fastify. Affected versions of this package are vulnerable to Denial of Service (DoS). By providing a name=constructor property it is still possible to crash the application. Note: This is a bypass of CVE-2020-8136...
PYSEC-2022-97
Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that Grappler optimizer would attempt to build a tensor using a reference dtype. This would result in a crash due to a CHECK-fail in the Tensor constructor as...
PYSEC-2022-91
Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that TensorByteSize would trigger CHECK failures. TensorShape constructor throws a CHECK-fail if shape is partial or has a number of elements that would overflow t...
CVE-2022-23588
Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that Grappler optimizer would attempt to build a tensor using a reference dtype. This would result in a crash due to a CHECK-fail in the Tensor constructor as...
CVE-2021-23470
This affects the package putil-merge before 3.8.0. The merge function does not check the values passed into the argument. An attacker can supply a malicious value by adjusting the value to include the constructor property. Note: This vulnerability derives from an incomplete fix in...
CVE-2021-23470 Prototype Pollution
This affects the package putil-merge before 3.8.0. The merge function does not check the values passed into the argument. An attacker can supply a malicious value by adjusting the value to include the constructor property. Note: This vulnerability derives from an incomplete fix in...
putil-merge Security Vulnerability
putil-merge is an open source solution for merging two or more objects. It supports deep merging, cloning attributes, copying descriptors and filtering. A security vulnerability exists in putil-merge versions prior to 3.8.0, which stems from the merge function not checking the values of incoming...
Prototype Pollution
Overview: putil-merge is a lightweight solution for merging multiple objects into one. It also supports deep merge. Affected versions of this package are vulnerable to Prototype Pollution. The merge function does not check the values passed into the argument. An attacker can supply a malicious val...
GHSA-W4HP-PCP8-QHF3 Cross-site Scripting in livehelperchat
Stored XSS is found in Settings > Live help configuration > Departments > Departments groups > edit. When a user creates a new webhook under the NAME field and puts a payload constructor.constructor'alert1', the input gets stored, at user edit groupname, the payload gets executed...
CVE-2021-46490
Jsish v3.5.0 was discovered to contain a SEGV vulnerability via NumberConstructor at src/jsiNumber.c. This vulnerability can lead to a Denial of Service (DoS)...
_supportDexs array length not checked in constructor
Handle: jayjonah8. Vulnerability details. Impact: In OpenLevDelegator.sol an array of supportDexs is passed to the constructor function and then passed to the delegateTo function, but the supportDexs array's length is not checked, which can result in costly errors. Proof of Concept. Tools Used: Manual cod...
CVE-2021-46482
Jsish v3.5.0 was discovered to contain a heap buffer overflow via NumberConstructor at src/jsiNumber.c...
CVE-2021-46477
Jsish v3.5.0 was discovered to contain a heap buffer overflow via RegExp_constructor in src/jsiRegexp.c. This vulnerability can lead to a Denial of Service (DoS)...
Heap overflow
Jsish v3.5.0 was discovered to contain a heap buffer overflow via RegExp_constructor in src/jsiRegexp.c. This vulnerability can lead to a Denial of Service (DoS)...
Jsish Buffer Error Vulnerability
Jsish is a small JavaScript parser with a built-in database written in C. A denial of service vulnerability exists in Jsish v3.5.0, which stems from a failure to properly handle incoming error messages. An attacker can cause a denial of service (DoS) via the RegExp_constructor in src/jsiRegexp.c...
Jsish Buffer Error Vulnerability
Jsish is a small JavaScript parser with a built-in database written in C. A denial of service vulnerability exists in Jsish v3.5.0, which is caused by a failure to properly handle incoming error messages and could lead to a denial of service (DoS) via the NumberConstructor in src/jsiNumber.c...
JerryScript Security Vulnerability
JerryScript, a lightweight JavaScript engine from the JerryScript project, has a security vulnerability in JerryScript 3.0.0, which originates in parser_parse_class_body in /parser/js/js-parser-expr.c, where the assertion opts & PARSER_CLASS_LITERAL_CTOR_PRESENT fails. No detailed vulnerability detai...
No check that DEFAULT_ADMIN_ROLE is not the LivepeerToken contract itself
Handle: jayjonah8. Vulnerability details. Impact: In LivepeerToken.sol the constructor sets the DEFAULT_ADMIN_ROLE but does not ensure that the msgSender is not the contract itself. This is an important check to make in order to avoid costly mistakes during deployment. Proof of Concept: LivepeerToken.so...
no check that DEFAULT_ADMIN_ROLE is not the contract itself in L1Escrow.sol
Handle: jayjonah8. Vulnerability details. Impact: In L1Escrow.sol the constructor sets up the DEFAULT_ADMIN_ROLE without requiring that the msgSender is not the L1Escrow contract itself. Proof of Concept: constructor setupRole(DEFAULT_ADMIN_ROLE, msgSender); Tools Used: Manual code review. Recommended...