9 matches found
grafana-11.6.14+security01-4.1 on GA media (moderate)
grafana-11.6.14+security01-4.1 on GA media Announcement ID: openSUSE-SU-2026:10922-1 Rating: moderate Cross-References: CVE-2025-30153 CVSS scores: CVE-2025-30153 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Tumbleweed An update that solves one vulnerability...
mcphost-0.34.0-1.1 on GA media (moderate)
mcphost-0.34.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10731-1 Rating: moderate Cross-References: CVE-2025-30153 CVE-2026-32285 CVE-2026-33186 CVSS scores: CVE-2025-30153 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-32285 SUSE : 5.5...
CVE-2025-30153 vulnerabilities
Vulnerabilities for packages: timoni, nuclei, gptscript, dataplaneapi...
CVE-2025-30153 vulnerabilities
Vulnerabilities for packages: dataplaneapi-fips, dataplaneapi, timoni, nuclei, gptscript...
CVE-2025-30153
kin-openapi is a Go project for handling OpenAPI files. Prior to 0.131.0, when validating a request with a multipart/form-data schema, if the OpenAPI schema allows it, an attacker can upload a crafted ZIP file e.g., a ZIP bomb, causing the server to consume all available system memory. The root...
CVE-2025-30153 Improper Handling of Highly Compressed Data (Data Amplification) in github.com/getkin/kin-openapi/openapi3filter
kin-openapi is a Go project for handling OpenAPI files. Prior to 0.131.0, when validating a request with a multipart/form-data schema, if the OpenAPI schema allows it, an attacker can upload a crafted ZIP file e.g., a ZIP bomb, causing the server to consume all available system memory. The root...
CVE-2025-30153 Improper Handling of Highly Compressed Data (Data Amplification) in github.com/getkin/kin-openapi/openapi3filter
kin-openapi is a Go project for handling OpenAPI files. Prior to 0.131.0, when validating a request with a multipart/form-data schema, if the OpenAPI schema allows it, an attacker can upload a crafted ZIP file e.g., a ZIP bomb, causing the server to consume all available system memory. The root...
CVE-2025-30153
CVE-2025-30153 affects kin-openapi (Go) prior to 0.131.0. The issue occurs when validating a request with a multipart/form-data schema: if the OpenAPI schema allows it, an attacker can upload a crafted ZIP file (e.g., a ZIP bomb) that causes the server to exhaust memory. The root cause is the Zip...
CVE-2025-30153 Improper Handling of Highly Compressed Data (Data Amplification) in github.com/getkin/kin-openapi/openapi3filter
kin-openapi is a Go project for handling OpenAPI files. Prior to 0.131.0, when validating a request with a multipart/form-data schema, if the OpenAPI schema allows it, an attacker can upload a crafted ZIP file e.g., a ZIP bomb, causing the server to consume all available system memory. The root...