12 matches found
Hackney: Per-chunk timeout with unbounded body accumulation enables slow-drip OOM
Summary hackneyh3:awaitresponseloop/6 in src/hackneyh3.erl accumulates the HTTP/3 response body in memory without any size cap. The after Timeout clause is a per-message inactivity timer, not a wall-clock deadline: every received streamdata chunk, housekeeping select message, or settings frame...
UBUNTU-CVE-2024-48943
A malicious RPKI rsync repository can prevent Fort from finishing its validation run by drip-feeding its content...
drip-tools.connectify.co Cross Site Scripting vulnerability OBB-3868870
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
WordPress Drip Feed Content Extended for Learndash Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)
Software Drip Feed Content Extended for Learndash Type Plugin Vulnerable versions = 1.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID cab77cdefc15 Credits Rafie...
M-05 Unmitigated
Lines of code Vulnerability details Mitigation of M-05: Issue NOT mitigated Mitigated issue M-05: Virgin stake can claim all drops Fix: code-423n4/2023-05-xeth@aebc324 The issue is that if dripping is enabled when totalSupply == 0 the entire amount dripped will immediately accrue to the first...
M-10 Unmitigated
Lines of code Vulnerability details Mitigation of M-10: Issue NOT mitigated Mitigated issue M-10: First 1 wei deposit can produce lose of user xETH funds in wxETH Fix: code-423n4/2023-05-xeth@fbb2972 The issue is similar to the standard inflation attack, except that instead of the attacker's...
M-05 Unmitigated
Lines of code Vulnerability details The mitigation makes accrueDrip is disable until the totalSupply 0. But the lastReport blocknumber is not updated. So all the dripped rewards still are collected by the first staker when the drip modifier is called at the second time. Impact If wxETH drips when...
M-05 Unmitigated
Lines of code code-423n4/2023-05-xeth@aebc324L230 Vulnerability details If wxETH drips when nothing is staked, then the first staker can claim every drop. Mitigation code-423n4/2023-05-xeth@aebc324 This PR is added in the method accrueDrip to return if totalSupply == 0 to avoid dropping at 0. But...
Virgin stake can claim all drops
Lines of code Vulnerability details Impact If wxETH drips when nothing is staked, then the first staker can claim every drop. Proof of Concept Suppose drip is enabled when totalSupply == 0. At least one block passes and the first staker stakes, just 1 xETH is enough. This mints her 1 wxETH. This...
WordPress Drip Feed Content Extended for Learndash plugin <= 1.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Drip Feed Content Extended for Learndash plugin versions = 1.1. Solution No patched version available...
UBUNTU-CVE-2021-3909
OctoRPKI does not limit the length of a connection, allowing for a slowloris DOS attack to take place which makes OctoRPKI wait forever. Specifically, the repository that OctoRPKI sends HTTP requests to will keep the connection open for a day before a response is returned, but does keep drip...
CVE-2021-3909
OctoRPKI does not limit the length of a connection, allowing for a slowloris DOS attack to take place which makes OctoRPKI wait forever. Specifically, the repository that OctoRPKI sends HTTP requests to will keep the connection open for a day before a response is returned, but does keep drip...