RPi-Jukebox-RFID 安全漏洞

RPi-Jukebox-RFID is a contactless jukebox for the Raspberry Pi from the individual developer Micz Flor in Germany. It plays audio files, playlists, podcasts, web streams and spotify triggered by RFID cards. A security vulnerability exists in RPi-Jukebox-RFID version v2.7.0, which contains a remot...

CVE-2024-43380 fugit parse and parse_nat stall on lengthy input

fugit contains time tools for flor and the floraison group. The fugit "natural" parser, that turns "every wednesday at 5pm" into "0 17 3", accepted any length of input and went on attempting to parse it, not returning promptly, as expected. The parse call could hold the thread with no end in sigh...

fugit 安全漏洞

fugit is a floraison open source time tool for Ruby, rufus-scheduler and flor. A security vulnerability exists in versions of fugit prior to 1.11.1, which stems from improper user input length checking, and may result in a thread being occupied for an extended period of time without being able to...