Lucene search
K

5 matches found

NVD
NVD
added 2026/06/22 10:16 p.m.9 views

CVE-2026-48511

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, ExpandoObjectFormatter.Deserialize populates System.Dynamic.ExpandoObject by calling IDictionary.Add for each map entry. ExpandoObject internally maintains member names in array-like structures, so inserting many...

7.5CVSS0.00231EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 9:14 p.m.26 views

CVE-2026-48511 MessagePack-CSharp: ExpandoObject formatter can perform quadratic insertion work on untrusted maps

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, ExpandoObjectFormatter.Deserialize populates System.Dynamic.ExpandoObject by calling IDictionary.Add for each map entry. ExpandoObject internally maintains member names in array-like structures, so inserting many...

6.3CVSS0.00231EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/29 8:2 p.m.22 views

Nerdbank.MessagePack has Inefficient CPU Computation

Impact Applications that call OptionalConverters.WithExpandoObjectConverter and deserialize untrusted data are open to a vulnerability by which an attacker can exploit a On² algorithm to burn an inordinate amount of CPU effort by adding a great many properties to an ExpandoObject, whose Add metho...

5.8AI score
Exploits0References3Affected Software1
Prion
Prion
added 2013/09/18 10:8 a.m.19 views

Design/Logic Flaw

Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the "this" object during use of user-defined getter methods on DOM proxies, which might allow remote attackers to bypass...

5CVSS7AI score0.02932EPSS
Exploits0References18Affected Software5
UbuntuCve
UbuntuCve
added 2013/09/17 12:0 a.m.28 views

CVE-2013-1737

Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the "this" object during use of user-defined getter methods on DOM proxies, which might allow remote attackers to bypass...

5CVSS6.9AI score0.02932EPSS
Exploits0References4
Rows per page
Query Builder