Lucene search
+L

5 matches found

NVD
NVD
added 2 days ago7 views

CVE-2026-61449

Grav 2.0.1 contains a decompression-bomb size-cap bypass in ZipArchiver and GPM\Installer. The size bound introduced in 2.0.1 sums the uncompressed size declared in each entry's ZIP central-directory header ZipArchive::statIndex'size' and rejects archives exceeding...

7.1CVSS0.00247EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago4 views

EUVD-2026-44647

Grav 2.0.1 contains a decompression-bomb size-cap bypass in ZipArchiver and GPM\Installer. The size bound introduced in 2.0.1 sums the uncompressed size declared in each entry's ZIP central-directory header ZipArchive::statIndex'size' and rejects archives exceeding...

7.1CVSS6.1AI score0.00247EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago30 views

CVE-2026-61449 Grav before 2.0.2 Decompression Bomb via Forged ZIP Size

Grav 2.0.1 contains a decompression-bomb size-cap bypass in ZipArchiver and GPM\Installer. The size bound introduced in 2.0.1 sums the uncompressed size declared in each entry's ZIP central-directory header ZipArchive::statIndex'size' and rejects archives exceeding...

7.1CVSS0.00247EPSS
Exploits0References2
OSV
OSV
added 2 days ago4 views

CVE-2026-61449 Grav before 2.0.2 Decompression Bomb via Forged ZIP Size

Grav 2.0.1 contains a decompression-bomb size-cap bypass in ZipArchiver and GPM\Installer. The size bound introduced in 2.0.1 sums the uncompressed size declared in each entry's ZIP central-directory header ZipArchive::statIndex'size' and rejects archives exceeding...

7.1CVSS6.1AI score0.00247EPSS
Exploits0References4
CVE
CVE
added 2 days ago7 views

CVE-2026-61449

Summary of CVE-2026-61449 (Grav): Grav 2.0.1 contains a decompression-bomb size-cap bypass in ZipArchiver and GPM Installer. The new per-entry size bound (ZipArchive::statIndex()['size']) is summed against system.gpm.archive.max_uncompressed_size and blocks extraction before it, but the declared ...

7.1CVSS6.1AI score0.00247EPSS
Exploits0References2
Rows per page
Query Builder