EUVD-2024-0832

Malicious code in bioql PyPI...

Security Bulletin: IBM DataStage on Cloud Pak for Data is vulnerable to unlimited data accumulation due to the Netty package ( CVE-2024-29025)

Summary Netty is used by IBM DataStage on Cloud Pak for Data as part of server processing. Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients...

Security Bulletin: IBM DataStage on Cloud Pak for Data is vulnerable to unlimited data accumulation due to the Netty package ( CVE-2024-29025)

Summary Netty is used by IBM DataStage on Cloud Pak for Data as part of server processing. Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients...

netty-codec-http: Allocation of Resources Without Limits or Throttling

A flaw was found in the io.netty:netty-codec-http package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling issues due to the accumulation of data in the HttpPostRequestDecoder. The decoder cumulates bytes in the undecodedChunk buffer until ...

netty-codec-http: Allocation of Resources Without Limits or Throttling

A flaw was found in the io.netty:netty-codec-http package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling issues due to the accumulation of data in the HttpPostRequestDecoder. The decoder cumulates bytes in the undecodedChunk buffer until ...

CVE-2024-29025

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The HttpPostRequestDecoder can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits ...

CVE-2024-29025 Netty HttpPostRequestDecoder can OOM

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The HttpPostRequestDecoder can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits ...

GHSA-5JPM-X58V-624V Netty's HttpPostRequestDecoder can OOM

Summary The HttpPostRequestDecoder can be tricked to accumulate data. I have spotted currently two attack vectors Details 1. While the decoder can store items on the disk if configured so, there are no limits to the number of fields the form can have, an attacher can send a chunked post consistin...

Netty's HttpPostRequestDecoder can OOM

Summary The HttpPostRequestDecoder can be tricked to accumulate data. I have spotted currently two attack vectors Details 1. While the decoder can store items on the disk if configured so, there are no limits to the number of fields the form can have, an attacher can send a chunked post consistin...

Netty 安全漏洞

Netty is a non-blocking I/O client-server framework from the Netty community, which is primarily used for developing Java web applications such as protocol servers and clients. A security vulnerability exists in versions prior to Netty 4.1.108.Final, which stems from the "HttpPostRequestDecoder"...

PT-2024-2588

Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.1.108.Final Description The issue is related to the HttpPostRequestDecoder in Netty, which can be tricked to accumulate data without limits. This can be achieved by sending a chunked post consisting of many small fiel...

Physician, protect thyself: healthcare cybersecurity circling the drain

No one knows you better than you do. But thanks to technology advances and the continued digitization of healthcare data accumulation and sharing processes, we can also honestly say the same about your healthcare provider. Indeed, every time we get in touch with a health professional, data is...

Moderate: Red Hat Security Advisory: openstack-glance security and bug fix update

Updated openstack-glance packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux OpenStack Platform 6.0. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which giv...