20 matches found
CVE-2026-48593
Uncontrolled Resource Consumption vulnerability in oban-bg obanweb 'Elixir.Oban.Web.CronExpr' modules allows memory exhaustion via unbounded cron range expansion. An attacker with access to schedule cron jobs can submit a malicious cron expression such as "0 0 1-100000000 ". When a user with...
CVE-2026-48593
CVE-2026-48593 describes an uncontrolled resource consumption in oban_web’s cron rendering. The issue arises in the Elixir CronExpr describe/1 rendering path where unbounded cron ranges (e.g., 1-100000000) are parsed by parse_range/1 without bounds checks, then expand_dom_parts/1 and expand_dow_p...
CVE-2026-48593 Unbounded range expansion in cron describe causes memory exhaustion in oban_web
Uncontrolled Resource Consumption vulnerability in oban-bg obanweb 'Elixir.Oban.Web.CronExpr' modules allows memory exhaustion via unbounded cron range expansion. An attacker with access to schedule cron jobs can submit a malicious cron expression such as "0 0 1-100000000 ". When a user with...
EEF-CVE-2026-48593 Unbounded range expansion in cron describe causes memory exhaustion in oban_web
Summary Uncontrolled Resource Consumption vulnerability in oban-bg obanweb 'Elixir.Oban.Web.CronExpr' modules allows memory exhaustion via unbounded cron range expansion. An attacker with access to schedule cron jobs can submit a malicious cron expression such as "0 0 1-100000000 ". When a user...
CVE-2026-48593
Uncontrolled Resource Consumption vulnerability in oban-bg obanweb 'Elixir.Oban.Web.CronExpr' modules allows memory exhaustion via unbounded cron range expansion. An attacker with access to schedule cron jobs can submit a malicious cron expression such as "0 0 1-100000000 ". When a user with...
CVE-2026-48593 Unbounded range expansion in cron describe causes memory exhaustion in oban_web
Uncontrolled Resource Consumption vulnerability in oban-bg obanweb 'Elixir.Oban.Web.CronExpr' modules allows memory exhaustion via unbounded cron range expansion. An attacker with access to schedule cron jobs can submit a malicious cron expression such as "0 0 1-100000000 ". When a user with...
PT-2026-43408
Uncontrolled Resource Consumption vulnerability in oban-bg oban web 'Elixir.Oban.Web.CronExpr' modules allows memory exhaustion via unbounded cron range expansion. An attacker with access to schedule cron jobs can submit a malicious cron expression such as "0 0 1-100000000 ". When a user with...
GHSA-X62Q-P736-3997 Grav is vulnerable to a DOS on the admin panel
DOS on the admin panel Severity Rating: Medium Vector: Denial Of Service CVE: XXX CWE: 400 - Uncontrolled Resource Consumption CVSS Score: 4.9 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H Analysis A Denial of Service DoS vulnerability has been identified in the application related to...
EUVD-2025-200107
Grav is vulnerable to a DOS on the admin panel...
Denial of Service (DoS)
Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Denial of Service DoS via improper handling of the scheduledat parameter. An attacker can cause the admin panel to become non-functional by...
CVE-2025-66303
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, A Denial of Service DoS vulnerability has been identified in Grav related to the handling of scheduledat parameters. Specifically, the application fails to properly sanitize input for cron expressions. By manipulating the scheduledat...
CVE-2025-66303 Grav is vulnerable to a DOS on the admin panel
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, A Denial of Service DoS vulnerability has been identified in Grav related to the handling of scheduledat parameters. Specifically, the application fails to properly sanitize input for cron expressions. By manipulating the scheduledat...
CVE-2025-66303 Grav is vulnerable to a DOS on the admin panel
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, A Denial of Service DoS vulnerability has been identified in Grav related to the handling of scheduledat parameters. Specifically, the application fails to properly sanitize input for cron expressions. By manipulating the scheduledat...
CVE-2025-66303 Grav is vulnerable to a DOS on the admin panel
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, A Denial of Service DoS vulnerability has been identified in Grav related to the handling of scheduledat parameters. Specifically, the application fails to properly sanitize input for cron expressions. By manipulating the scheduledat...
Fedora: Security Advisory for golang-github-gorhill-cronexpr (FEDORA-2022-ea8f4e232d)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 36 Update: golang-github-gorhill-cronexpr-1.0.0-5.fc36
Given a cron expression and a time stamp, you can get the next time stamp whi ch satisfies the cron expression. In another project, I decided to use cron expression syntax to encode schedul ing information. Thus this standalone library to parse and apply time stamps to c ron expressions. The...
Fedora: Security Advisory for golang-github-gorhill-cronexpr (FEDORA-2022-3969b64d4b)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 36 Update: golang-github-gorhill-cronexpr-1.0.0-4.fc36
Given a cron expression and a time stamp, you can get the next time stamp whi ch satisfies the cron expression. In another project, I decided to use cron expression syntax to encode schedul ing information. Thus this standalone library to parse and apply time stamps to c ron expressions. The...
Cron Utils Injection Vulnerability
Cron Utils is a Java codebase for authenticating, parsing, and migrating Cron expressions from the individual developers at Jmrozanec. An injection vulnerability exists in Cron-utils versions prior to 9.1.3, which can be exploited by an attacker to be able to inject arbitrary Java EL expressions,...
Jenkins < 2.138.4 LTS / 2.150.1 LTS / 2.154 Multiple Vulnerabilities
The version of Jenkins running on the remote web server is prior to 2.154 or is a version of Jenkins LTS prior to 2.138.4 or 2.150.1. It is, therefore, affected by multiple vulnerabilities: - A command execution vulnerability exists in the Stapler web framework used in Jenkins due to certain...