Lucene search
K

4 matches found

Github Security Blog
Github Security Blog
added 2026/05/07 12:46 a.m.16 views

Netty: HttpContentDecompressor maxAllocation bypass when Content-Encoding set to br/zstd/snappy leads to decompression bomb DoS

Summary HttpContentDecompressor accepts a maxAllocation parameter to limit decompression buffer size and prevent decompression bomb attacks. This limit is correctly enforced for gzip and deflate encodings via ZlibDecoder, but is silently ignored when the content encoding is br Brotli, zstd, or...

7.5CVSS5.9AI score0.00863EPSS
Exploits1References3Affected Software2
OSV
OSV
added 2026/04/25 5:49 a.m.7 views

OESA-2026-2065 python-pillow security update

Pillow is the friendly PIL fork by Alex Clark and Contributors. PIL is the Python Imaging \ Library by Fredrik Lundh and Contributors. As of 2019, Pillow development is supported by Tidelift. of CVE-2022-22815,CVE-2022-22816 Security Fixes: Pillow is a Python imaging library. Versions 10.3.0...

8.7CVSS5.4AI score0.00671EPSS
Exploits0References2
Amazon
Amazon
added 2026/02/05 12:0 a.m.7 views

Important: python-pip

Issue Overview: urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression...

8.9CVSS5.5AI score0.02667EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/01/07 10:9 p.m.8 views

CVE-2026-21441 urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)

urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP...

8.9CVSS6.1AI score0.02667EPSS
Exploits0References2
Rows per page
Query Builder