164 matches found
Narayana deadlock via multiple join requests sent to LRA Coordinator
A security issue was discovered in the LRA Coordinator component of Narayana. When Cancel is called in LRA, an execution time of approximately 2 seconds occurs. If Join is called with the same LRA ID within that timeframe, the application may crash or hang indefinitely, leading to a denial of...
CVE-2024-8447
CVE-2024-8447 describes a deadlock in Narayana’s LRA Coordinator: when Cancel is followed by a Join on the same LRA within ~2 seconds, the application may crash or hang, causing a denial of service. The issue is addressed in Red Hat advisories RHSA-2025:3357/3358 for JBoss EAP XP 5.0 and EAP 8.x,...
PT-2024-16872 · WordPress · Increase Maximum Upload File Size | Increase Execution Time Plugin For Wordpress
Name of the Vulnerable Software and Affected Versions: Increase Maximum Upload File Size | Increase Execution Time plugin for WordPress versions up to, and including, 1.1.3 Description: The issue allows authenticated attackers with author-level permissions and above to retrieve the full path of t...
CVE-2024-9611 Increase upload file size & Maximum Execution Time limit <= 2.0 - Reflected Cross-Site Scripting
The Increase upload file size & Maximum Execution Time limit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0. This makes it possible for unauthenticated attackers t...
CVE-2024-9611
CVE-2024-9611 refers to the WordPress plugin “Increase upload file size & Maximum Execution Time limit” with vulnerable code that uses add_query_arg without proper escaping, enabling Reflected Cross‑Site Scripting in all versions up to 2.0. This allows unauthenticated attackers to inject scripts ...
WordPress Increase upload file size & Maximum Execution Time limit plugin <= 2.0 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Increase upload file size & Maximum Execution Time limit versions <= 2.0...
WordPress Increase upload file size & Maximum Execution Time limit Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)
Software: Increase upload file size & Maximum Execution Time limit. Type: Plugin. Vulnerable versions: <= 2.0. Fixed in: 3.0. OWASP Top 10: A7 Cross-Site Scripting (XSS). Classification: Cross Site Scripting (XSS). CVE: CVE-2024-9611. Patch priority: Medium. CVSS severity: Medium 7.1. PSID...
CVE-2024-30949
An issue in newlib v.4.3.0 allows an attacker to execute arbitrary code via the time unit scaling in the gettimeofday function...
Rootstock Labs: Crafted smart contract can take ~23 seconds to execute due to immense error string construction
The crafted smart contract can take approximately 23 seconds to execute due to the immense error string construction. The vulnerability was caused by the native contract's implementation, which constructed the entirety of the input message as a hex string for logging and throwing an exception. Th...
NewStart CGSL CORE 5.04 / MAIN 5.04 : ruby Vulnerability (NS-SA-2024-0012)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has ruby packages installed that are affected by a vulnerability: - A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. ...
Rocky Linux 8 : ruby:3.1 (RLSA-2024:1431)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:1431 advisory. - The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that...
AlmaLinux 8 : ruby:3.1 (ALSA-2024:1431)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:1431 advisory. ruby/cgi-gem: HTTP response splitting in CGI CVE-2021-33621 ruby: ReDoS vulnerability in URI CVE-2023-28755 ruby: ReDoS vulnerability - upstream's...
BIT-GITLAB-2020-26414
An issue has been discovered in GitLab affecting all versions starting from 12.4. The regex used for package names is written in a way that makes execution time have quadratic growth based on the length of the malicious input string...
BIT-RUBY-2023-28756
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2...
MAL-2024-1009 Malicious code in execution-time-async (npm)
Source: ghsa-malware 1cfb518a6f8c71bfcbaea6494b888189e261a9f7a6be487568339baeb334ad7c. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
EulerOS 2.0 SP11 : ruby (EulerOS-SA-2023-2666)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific...
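The ReDoS entries above (the Ruby Time and URI parsers, and GitLab's package-name regex) describe one mechanism: a backtracking regex whose work grows superlinearly with the length of attacker-controlled input. The block below is an added example, not code from Ruby, GitLab or any advisory listed here. It is written in Python because CPython's re engine has no backtracking memoization, so the blow-up reproduces reliably; the NESTED and FLAT patterns, the hostile input and the MAX_LEN cap are constructed for illustration and are not the vulnerable expressions from the advisories. It shows the superlinear growth, checks that the rewritten pattern accepts exactly the same language, and applies the two mitigations that need no engine support: removing the nested quantifier and bounding input length before matching (on Ruby 3.2 and later, Regexp.timeout is the additional engine-level guard relevant to the Ruby entries).

```python
import re
import time

# Constructed illustration (not Ruby's Time/URI regex or GitLab's package-name
# regex): a nested quantifier over the same character, anchored so that a
# non-matching tail forces the engine to try every way of splitting the prefix
# before it can give up. Work grows exponentially with the prefix length.
NESTED = re.compile(r"^(a+)+$")
# Same language (one or more 'a') written without the nested quantifier.
FLAT = re.compile(r"^a+$")

# Length cap applied before matching. The value is an assumption for this
# example, not a limit taken from any advisory on this page.
MAX_LEN = 64


def hostile_input(n):
    """n letters 'a' followed by a character that guarantees the match fails."""
    return "a" * n + "!"


def timed_match(pattern, text):
    """Return (matched, seconds) for pattern.match(text)."""
    start = time.perf_counter()
    matched = pattern.match(text) is not None
    return matched, time.perf_counter() - start


def growth_ratio(pattern, n_small, n_large):
    """Ratio of match time at n_large to n_small. A linear pattern stays near
    n_large / n_small; an exponential one climbs far past it."""
    _, t_small = timed_match(pattern, hostile_input(n_small))
    _, t_large = timed_match(pattern, hostile_input(n_large))
    return t_large / max(t_small, 1e-9)


def same_language(n_max=12):
    """Check that NESTED and FLAT accept exactly the same strings on a small
    corpus, so swapping one for the other is behaviour-preserving."""
    corpus = ["", "a", "aaaa", "aaab", "b", "ba"]
    corpus += [hostile_input(i) for i in range(n_max)]
    corpus += ["a" * i for i in range(1, n_max)]
    return all((NESTED.match(s) is None) == (FLAT.match(s) is None) for s in corpus)


def safe_match(text):
    """Mitigated matcher: refuse over-long input up front, then use the
    pattern without nested quantifiers. Returns True/False, or None when
    the input was refused without being matched at all."""
    if len(text) > MAX_LEN:
        return None
    return FLAT.match(text) is not None


if __name__ == "__main__":
    for n in (16, 18, 20, 22):
        _, secs = timed_match(NESTED, hostile_input(n))
        print(f"NESTED n={n}: {secs:.3f}s")
    _, secs = timed_match(FLAT, hostile_input(100_000))
    print(f"FLAT   n=100000: {secs:.4f}s")
    print("growth ratio NESTED 16->22:", round(growth_ratio(NESTED, 16, 22), 1))
    print("same language:", same_language())
    print("safe_match over-long input:", safe_match("a" * 1000))
```

Run it directly to watch the nested pattern's failing match climb from milliseconds to seconds as n goes from 16 to 22, while the flat pattern rejects a 100,000-character input in milliseconds; the same shape of curve is what the Ruby and GitLab advisories describe, and measuring it at two input sizes is a cheap check to run against any regex that sees untrusted input.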
Authorization
A long execution time can occur in the ParseTools.subCompileExpression method in MVEL 2.5.0.Final because of many Java class lookups. NOTE: the vendor disputes this because "the only thing that you could expect is that the parser will take a crazy amount of time to complete its task."...