187 matches found
Remote Code Execution (RCE)
Overview Affected versions of this package are vulnerable to Remote Code Execution RCE over the /expr endpoint. An authenticated user can execute code or disrupt service by sending malicious serialized data as the code parameter, which is passed to expr.Exec and executed as an expression without...
CVE-2025-15453
A security vulnerability has been detected in milvus up to 2.6.7. This vulnerability affects the function expr.Exec of the file pkg/util/expr/expr.go of the component HTTP Endpoint. The manipulation of the argument code leads to deserialization. Remote exploitation of the attack is possible. The...
CVE-2025-15453 milvus HTTP Endpoint expr.go expr.Exec deserialization
A security vulnerability has been detected in milvus up to 2.6.7. This vulnerability affects the function expr.Exec of the file pkg/util/expr/expr.go of the component HTTP Endpoint. The manipulation of the argument code leads to deserialization. Remote exploitation of the attack is possible. The...
PT-2026-29096
Name of the Vulnerable Software and Affected Versions: Vim versions prior to 9.2.0272. Description: Vim versions prior to 9.2.0272 contain a flaw that allows for code execution upon opening a crafted file in the default configuration. This is due to a %expr injection occurring within the tabpanel...
RockyLinux 9 : opentelemetry-collector (RLSA-2025:23729)
The remote RockyLinux 9 host has a package installed that is affected by a vulnerability as referenced in the RLSA-2025:23729 advisory. github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation CVE-2025-68156 Tenable has extracted the preceding...
GO-2025-4245 Expr has Denial of Service via Unbounded Recursion in Builtin Functions in github.com/expr-lang/expr
Expr has Denial of Service via Unbounded Recursion in Builtin Functions in github.com/expr-lang/expr...
ALSA-2025:23729 Important: opentelemetry-collector security update
Collector with the supported components for a AlmaLinux build of OpenTelemetry Security Fixes: github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation CVE-2025-68156 For more details about the security issues, including the impact, a CVSS score,...
github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation
A flaw was found in Expr, an expression language and expression evaluation for Go. This vulnerability allows a denial of service DoS via recursive traversal over user-provided deeply nested or cyclic data structures without enforcing a maximum recursion depth, leading to a stack overflow panic an...
Important: Red Hat Security Advisory: opentelemetry-collector security update
An update for opentelemetry-collector is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Linux Distros Unpatched Vulnerability : CVE-2025-68156
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including flatten, min, max, mean,...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the flatten, min, max, mean, and median functions when processing deeply nested or cyclic data structures. An attacker can cause the application to crash by supplying maliciously...
AZL-72733 CVE-2025-68156 affecting package coredns for versions less than 1.11.4-12
Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including flatten, min, max, mean, and median, perform recursive traversal over user-provided data structures without enforcing a maximum recursion depth. If the evaluation...
DEBIAN-CVE-2025-68156
Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including flatten, min, max, mean, and median, perform recursive traversal over user-provided data structures without enforcing a maximum recursion depth. If the evaluation...
CVE-2025-68156
Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including flatten, min, max, mean, and median, perform recursive traversal over user-provided data structures without enforcing a maximum recursion depth. If the evaluation...
AZL-72736 CVE-2025-68156 affecting package keda for versions less than 2.14.1-9
Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including flatten, min, max, mean, and median, perform recursive traversal over user-provided data structures without enforcing a maximum recursion depth. If the evaluation...
AZL-72727 CVE-2025-68156 affecting package azl-otel-collector 0.127.0-1
Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including flatten, min, max, mean, and median, perform recursive traversal over user-provided data structures without enforcing a maximum recursion depth. If the evaluation...
CVE-2025-68156 Expr has Denial of Service via Unbounded Recursion in Builtin Functions
Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including flatten, min, max, mean, and median, perform recursive traversal over user-provided data structures without enforcing a maximum recursion depth. If the evaluation...
CVE-2025-68156 Expr has Denial of Service via Unbounded Recursion in Builtin Functions
Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including flatten, min, max, mean, and median, perform recursive traversal over user-provided data structures without enforcing a maximum recursion depth. If the evaluation...
Expr 安全漏洞
Expr is an expression language and expression evaluation for Go open-sourced by Expr. A security vulnerability exists in versions of Expr prior to 1.17.7, which stems from multiple built-in functions that do not enforce maximum recursion depth, potentially resulting in a stack overflow and proces...
PT-2025-51779
Name of the Vulnerable Software and Affected Versions Expr versions prior to 1.17.7 Description The Expr library, used for expression language and evaluation in Go, contains a flaw where certain builtin functions – including flatten, min, max, mean, and median – can cause a denial of service. The...