Lucene search
+L

157 matches found

github
github
added 2022/11/14 12:0 p.m.31 views

Pillow vulnerable to Data Amplification attack.

Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data Data Amplification...

7.5CVSS7.5AI score0.01184EPSS
Exploits0References10Affected Software1
osv
osv
added 2022/11/14 12:0 p.m.27 views

GHSA-M2VV-5VJ5-2HM7 Pillow vulnerable to Data Amplification attack.

Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data Data Amplification...

8.7CVSS7.5AI score0.01184EPSS
Exploits0References10
nvd
nvd
added 2022/11/14 7:15 a.m.11 views

CVE-2022-45198

Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data Data Amplification...

7.5CVSS0.01184EPSS
Exploits0References6
osv
osv
added 2022/11/14 7:15 a.m.1 views

DEBIAN-CVE-2022-45198

Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data Data Amplification...

7.5CVSS6.7AI score0.01184EPSS
Exploits0References1
prion
prion
added 2022/11/14 7:15 a.m.22 views

Design/Logic Flaw

Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data Data Amplification...

5CVSS7.4AI score0.01184EPSS
Exploits0References6Affected Software1
attackerkb
attackerkb
added 2022/11/14 7:15 a.m.3 views

CVE-2022-45198

Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data Data Amplification...

7.5CVSS6.8AI score0.01184EPSS
Exploits0References7
pypa
pypa
added 2022/11/14 7:15 a.m.6 views

PYSEC-2022-42979

Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data Data Amplification...

7.5CVSS7AI score0.01184EPSS
Exploits0References6Affected Software1
osv
osv
added 2022/11/14 7:15 a.m.49 views

PYSEC-2022-42979

Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data Data Amplification...

7.5CVSS2.5AI score0.01184EPSS
Exploits0References6
osv
osv
added 2022/11/14 7:15 a.m.2 views

UBUNTU-CVE-2022-45198

Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data Data Amplification...

7.5CVSS6.8AI score0.01184EPSS
Exploits0References5
ubuntucve
ubuntucve
added 2022/11/14 12:0 a.m.70 views

CVE-2022-45198

Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data Data Amplification...

7.5CVSS6.8AI score0.01184EPSS
Exploits0References4
cve
cve
added 2022/11/14 12:0 a.m.128 views

CVE-2022-45198

CVE-2022-45198 affects Pillow up to version 9.2.0, where improper handling of highly compressed GIF data (Data Amplification) can cause abnormal resource usage. Public sources confirm Pillow prior to 9.2.0 is vulnerable; advisories reference upgrades to mitigate. Debian LTS notes Pillow updates (...

7.5CVSS7.4AI score0.01184EPSS
Exploits0References6Affected Software1
cvelist
cvelist
added 2022/11/14 12:0 a.m.28 views

CVE-2022-45198

Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data Data Amplification...

7.8AI score0.01184EPSS
Exploits0References6
github
github
added 2022/02/10 8:23 p.m.35 views

Data Amplification in Play Framework

In Play Framework 2.6.0 through 2.8.2, data amplification can occur when an application accepts multipart/form-data JSON input...

7.5CVSS7.3AI score0.01386EPSS
Exploits0References4Affected Software1
osv
osv
added 2022/02/10 8:23 p.m.24 views

GHSA-R8RM-4HFJ-2X87 Data Amplification in Play Framework

In Play Framework 2.6.0 through 2.8.2, data amplification can occur when an application accepts multipart/form-data JSON input...

7.5CVSS7.5AI score0.01386EPSS
Exploits0References3
github
github
added 2022/02/09 10:54 p.m.52 views

Data Amplification in Play Framework

An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play version prior to 2.8.0 that used the Play Java API to serialize classes with protected or private fields to JSON...

4CVSS4.6AI score0.00957EPSS
Exploits0References4Affected Software1
osv
osv
added 2022/02/09 10:54 p.m.22 views

GHSA-V9MF-JGQ3-C28H Data Amplification in Play Framework

An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play version prior to 2.8.0 that used the Play Java API to serialize classes with protected or private fields to JSON...

2.7CVSS3.4AI score0.00957EPSS
Exploits0References3
github
github
added 2021/05/07 3:50 p.m.49 views

Improper Handling of Highly Compressed Data (Data Amplification) and Memory Allocation with Excessive Size Value in eventlet

Impact A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. Patches Version 0.31.0 restricts websocket frame to reasonable limits. Workarounds Restricting memory usa...

5.3CVSS1.5AI score0.01807EPSS
Exploits0References7Affected Software1
osv
osv
added 2021/05/07 3:50 p.m.38 views

GHSA-9P9M-JM8W-94P2 Improper Handling of Highly Compressed Data (Data Amplification) and Memory Allocation with Excessive Size Value in eventlet

Impact A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. Patches Version 0.31.0 restricts websocket frame to reasonable limits. Workarounds Restricting memory usa...

6.9CVSS5.4AI score0.01807EPSS
Exploits0References7
cvelist
cvelist
added 2021/05/07 2:30 p.m.33 views

CVE-2021-21419 Improper Handling of Highly Compressed Data (Data Amplification) and Memory Allocation with Excessive Size Value in eventlet

Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. A patch in version 0.31.0 restricts websocket frame to...

5.3CVSS5.8AI score0.01807EPSS
Exploits0References3
nvd
nvd
added 2020/12/03 5:15 p.m.43 views

CVE-2020-28923

An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play version prior to 2.8.0 that used the Play Java API to serialize classes with protected or private fields to JSON...

4CVSS3.6AI score0.00957EPSS
Exploits0References2
Rows per page
Query Builder