96 matches found
MAL-2025-8037 Malicious code in @hishprorg/maxime-voluptatum-fugit (npm)
The package @hishprorg/maxime-voluptatum-fugit was found to contain malicious code...
MAL-2025-7273 Malicious code in @crabas0npm/eaque-temporibus-fugit (npm)
The package @crabas0npm/eaque-temporibus-fugit was found to contain malicious code...
Malicious code in @taktikangea/cupiditate-et-fugit-tempore (npm)
The package @taktikangea/cupiditate-et-fugit-tempore was found to contain malicious code...
Malicious code in @kollusietea/unde-eaque-incidunt-fugit (npm)
The package @kollusietea/unde-eaque-incidunt-fugit was found to contain malicious code...
Malicious code in @kollusietea/amet-voluptatum-fugit (npm)
The package @kollusietea/amet-voluptatum-fugit was found to contain malicious code...
Malicious code in @landmineaknpm2/mollitia-eius-fugit (npm)
The package @landmineaknpm2/mollitia-eius-fugit was found to contain malicious code...
MAL-2025-7618 Malicious code in @crabas0npm/voluptates-possimus-laudantium-fugit (npm)
The package @crabas0npm/voluptates-possimus-laudantium-fugit was found to contain malicious code...
Security Bulletin: A vulnerability in fugit gem affects IBM License Metric Tool (CVE-2024-43380).
Summary There is a vulnerability in one of the Ruby gems used by IBM License Metric Tool. Vulnerability Details CVEID:CVE-2024-43380 DESCRIPTION: floraison fugit is vulnerable to a denial of service, caused by improper input validation by the natural parser. By sending a specially crafted request...
Malicious code in @diotoborg/fugit-at-porro (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5ac933d3ed1d76d5740ba20be148c9ec571641bebecb3314ccec5e0ba9c764be Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-8487 Malicious code in @diotoborg/occaecati-fugit (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 259ab17bc731292dc9d36fac22a2e52418e13c2f5f0d5938096924a322c66654 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @diotoborg/occaecati-fugit (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 259ab17bc731292dc9d36fac22a2e52418e13c2f5f0d5938096924a322c66654 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @diotoborg/aliquid-fugit (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0fb6897b85e41baef00d6f79a5f9cadd887790e1754c85d3e31c8a3b46c4f1ae Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Denial Of Service (DoS)
Fugit is vulnerable to Denial Of Service DoS. The vulnerability is due to the parser’s lack of input length validation, which allows it to accept and endlessly process input without timely completion...
CVE-2024-43380
A flaw was found in fugit's parser. Due to a lack of user input validation, the natural parser may accept any length of input and will attempt to parse it. The parse can create a thread which will never return, causing high CPU usage, which may lead to a Denial of Service...
GHSA-2M96-52R3-2F3G fugit parse and parse_nat stall on lengthy input
Impact The fugit "natural" parser, that turns "every wednesday at 5pm" into "0 17 3", accepted any length of input and went on attempting to parse it, not returning promptly, as expected. The parse call could hold the thread with no end in sight. Fugit dependents that do not check user input leng...
fugit parse and parse_nat stall on lengthy input
Impact The fugit "natural" parser, that turns "every wednesday at 5pm" into "0 17 3", accepted any length of input and went on attempting to parse it, not returning promptly, as expected. The parse call could hold the thread with no end in sight. Fugit dependents that do not check user input leng...
Uncontrolled Resource Consumption ('Resource Exhaustion')
Overview Affected versions of this package are vulnerable to Uncontrolled Resource Consumption 'Resource Exhaustion' due to the parse and parsenat functions. An attacker can cause a denial of service by sending specially crafted inputs that are excessively long. Workaround Ensure that Fugit.parse...
DEBIAN-CVE-2024-43380
fugit contains time tools for flor and the floraison group. The fugit "natural" parser, that turns "every wednesday at 5pm" into "0 17 3", accepted any length of input and went on attempting to parse it, not returning promptly, as expected. The parse call could hold the thread with no end in sigh...
CVE-2024-43380
fugit contains time tools for flor and the floraison group. The fugit "natural" parser, that turns "every wednesday at 5pm" into "0 17 3", accepted any length of input and went on attempting to parse it, not returning promptly, as expected. The parse call could hold the thread with no end in sigh...
UBUNTU-CVE-2024-43380
fugit contains time tools for flor and the floraison group. The fugit "natural" parser, that turns "every wednesday at 5pm" into "0 17 3", accepted any length of input and went on attempting to parse it, not returning promptly, as expected. The parse call could hold the thread with no end in sigh...