1662 matches found
CVE-2026-56138
AIL framework contains a path traversal vulnerability in the /objects/item/diff endpoint. The endpoint accepts item identifiers through the s1 and s2 query parameters and, prior to the fix, attempted to retrieve and compare item contents without first verifying that both referenced items existed ...
CVE-2026-56138
CVE-2026-56138 affects the AIL framework. A path traversal vulnerability exists in the /objects/item/diff endpoint, where an authenticated user can supply item identifiers via the s1 and s2 query parameters. Before the fix, the service could read gzip-compressed files accessible to the AIL proces...
CVE-2026-56138 Authenticated Path Traversal in AIL framework /objects/item/diff Allows Reading Gzip-Compressed Files
AIL framework contains a path traversal vulnerability in the /objects/item/diff endpoint. The endpoint accepts item identifiers through the s1 and s2 query parameters and, prior to the fix, attempted to retrieve and compare item contents without first verifying that both referenced items existed ...
Python Library Tornado < 6.5.6 Multiple Vulnerabilities
The version of the Tornado Python library installed on the remote host is prior to 6.5.6. It is, therefore, affected by multiple vulnerabilities: - When SimpleAsyncHTTPClient follows a 3xx redirect, it shallow-copies the original HTTPRequest, rewrites the URL, decrements maxredirects, and removes...
python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules
A flaw was found in Python's decompression modules, including lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is...
CVE-2026-53430
Improper Handling of Highly Compressed Data Data Amplification vulnerability in elixir-grpc grpc GRPC.Compressor.Gzip, GRPC.Message modules allows a denial of service via a gzip decompression bomb. This vulnerability is associated with program files lib/grpc/compressor/gzip.ex, lib/grpc/message.e...
EUVD-2026-37014
Improper Handling of Highly Compressed Data Data Amplification vulnerability in elixir-grpc grpc GRPC.Compressor.Gzip, GRPC.Message modules allows a denial of service via a gzip decompression bomb. This vulnerability is associated with program files lib/grpc/compressor/gzip.ex, lib/grpc/message.e...
CVE-2026-53430 grpc gzip decompression bomb in GRPC.Compressor.Gzip.decompress/1
Improper Handling of Highly Compressed Data Data Amplification vulnerability in elixir-grpc grpc GRPC.Compressor.Gzip, GRPC.Message modules allows a denial of service via a gzip decompression bomb. This vulnerability is associated with program files lib/grpc/compressor/gzip.ex, lib/grpc/message.e...
CVE-2026-53430 grpc gzip decompression bomb in GRPC.Compressor.Gzip.decompress/1
Improper Handling of Highly Compressed Data Data Amplification vulnerability in elixir-grpc grpc GRPC.Compressor.Gzip, GRPC.Message modules allows a denial of service via a gzip decompression bomb. This vulnerability is associated with program files lib/grpc/compressor/gzip.ex, lib/grpc/message.e...
CVE-2026-53430
CVE-2026-53430 describes a DoS in elixir-grpc GRPC.Compressor.Gzip.decompress/1 where :zlib.gunzip/1 is called directly on attacker-controlled input without a decompressed-size limit, enabling a gzip decompression bomb. The registered gzip GRPC.Compressor runs automatically for frames with grpc-e...
EEF-CVE-2026-53430 grpc gzip decompression bomb in GRPC.Compressor.Gzip.decompress/1
Summary Improper Handling of Highly Compressed Data Data Amplification vulnerability in elixir-grpc grpc GRPC.Compressor.Gzip, GRPC.Message modules allows a denial of service via a gzip decompression bomb. This vulnerability is associated with program files lib/grpc/compressor/gzip.ex,...
tornado AsyncHTTPClient accumulates decompressed chunks without size limit (gzip bomb)
Tornado's gzip decompression routines work in limited-size chunks, but have no overall limit for the total size of decompressed chunks that they will accumulate There has always been a limit for the total compressed size. This allows a malicious server to consume effectively unlimited amounts of...
GHSA-MGF9-4VPG-HJ56 tornado AsyncHTTPClient accumulates decompressed chunks without size limit (gzip bomb)
Tornado's gzip decompression routines work in limited-size chunks, but have no overall limit for the total size of decompressed chunks that they will accumulate There has always been a limit for the total compressed size. This allows a malicious server to consume effectively unlimited amounts of...
GHSA-6PH5-FWW6-VFWV NIOExtras: NIOHTTPRequestDecompressor ratio limit bypass via inflated Content-Length
Impact When NIOHTTPRequestDecompressor is configured with .ratioN, the decompression limit is enforced using the Content-Length header value from the incoming request rather than the actual number of compressed bytes received. Since Content-Length is attacker-controlled, a malicious client can...
NIOExtras: NIOHTTPRequestDecompressor ratio limit bypass via inflated Content-Length
Impact When NIOHTTPRequestDecompressor is configured with .ratioN, the decompression limit is enforced using the Content-Length header value from the incoming request rather than the actual number of compressed bytes received. Since Content-Length is attacker-controlled, a malicious client can...
EUVD-2026-36494
Netty is a network application framework for development of protocol servers and clients. In netty-codec-http2 prior to versions 4.1.135.Final and 4.2.15.Final, the DelegatingDecompressorFrameListener class orchestrates HTTP/2 decompression by embedding a per-stream EmbeddedChannel that runs the...
PT-2026-48924
Impact When NIOHTTPRequestDecompressor is configured with .ratioN, the decompression limit is enforced using the Content-Length header value from the incoming request rather than the actual number of compressed bytes received. Since Content-Length is attacker-controlled, a malicious client can...
NIOExtras: NIOHTTPRequestDecompressor ratio limit bypass via inflated Content-Length
When NIOHTTPRequestDecompressor is configured with .ratioN, the decompression limit is enforced using the Content-Length header value from the incoming request rather than the actual number of compressed bytes received. Since Content-Length is attacker-controlled, a malicious client can supply an...
PT-2026-48688
Name of the Vulnerable Software and Affected Versions netty-codec-http2 versions prior to 4.1.135.Final netty-codec-http2 versions prior to 4.2.15.Final Description The DelegatingDecompressorFrameListener class manages HTTP/2 decompression by using a per-stream EmbeddedChannel to run decompressio...
org.eclipse.jetty/jetty-server: Eclipse Jetty: Denial of Service due to unreleased JDK Inflater from compressed HTTP requests
A flaw was found in org.eclipse.jetty. A remote attacker can exploit this vulnerability by sending a compressed HTTP request with Content-Encoding: gzip when the server's response is not compressed. This prevents the release of the JDK Inflater, leading to a resource leak. This resource exhaustio...