Lucene search
+L

151 matches found

Microsoft CVE
Microsoft CVE
added 2025/12/10 9:3 a.m.4 views

urllib3 Streaming API improperly handles highly compressed data

...

8.9CVSS7AI score0.00633EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/09 4:54 a.m.8 views

Security Bulletin: Netty Affected by Decompression Flaw Where BrotliDecoder Allocates Unlimited Buffers, Enabling DoS, affects watsonx.data

Summary Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final and below, when supplied with specially...

7.5CVSS6.5AI score0.00561EPSS
Exploits1Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/05 6:15 p.m.18 views

urllib3 streaming API improperly handles highly compressed data

Impact urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP...

8.9CVSS6.7AI score0.00633EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2025/12/05 5:16 p.m.11 views

CVE-2025-66471

urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than...

8.9CVSS0.00633EPSS
Exploits0References2
OSV
OSV
added 2025/12/05 5:16 p.m.10 views

ALPINE-CVE-2025-66471

urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than...

7.5CVSS5.8AI score0.00633EPSS
Exploits0References1
OSV
OSV
added 2025/12/05 5:16 p.m.8 views

UBUNTU-CVE-2025-66471

urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than...

8.9CVSS6.9AI score0.00633EPSS
Exploits0References10
Snyk
Snyk
added 2025/12/05 4:40 p.m.5 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview urllib3 is a HTTP library with thread-safe connection pooling, file post, and more. Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification in the Streaming API. The ContentDecoder class can be forced to allocate disproportionate...

8.9CVSS6.8AI score0.00633EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/05 4:6 p.m.2 views

CVE-2025-66471 urllib3 Streaming API improperly handles highly compressed data

urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than...

8.9CVSS6.4AI score0.00633EPSS
Exploits0References2
CVE
CVE
added 2025/12/05 4:6 p.m.71 views

CVE-2025-66471

CVE-2025-66471 affects urllib3’s streaming API handling of compressed HTTP responses in Python. The issue arises when streaming a highly compressed payload, where decompression could process data in a way that uses excessive CPU and memory, potentially from the decompression buffer behavior noted...

8.9CVSS6.4AI score0.00633EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/12/05 4:6 p.m.23 views

CVE-2025-66471 urllib3 Streaming API improperly handles highly compressed data

urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than...

8.9CVSS0.00633EPSS
Exploits0References2
OSV
OSV
added 2025/12/05 4:6 p.m.9 views

CVE-2025-66471 urllib3 Streaming API improperly handles highly compressed data

urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than...

8.9CVSS6.8AI score0.00633EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2022-0197

Malicious code in bioql PyPI...

7.5CVSS6.7AI score0.01184EPSS
Exploits0References11
Snyk
Snyk
added 2025/07/10 5:50 p.m.1 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification in the scenario decoding process. An attacker can cause excessive resource consumption by submitting a specially crafted zip archive that decompresses to a very large size...

9.8CVSS6.9AI score0.00461EPSS
Exploits0References2
Snyk
Snyk
added 2025/05/21 6:33 p.m.2 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification via a specially crafted wxapkg file. An attacker can cause resource consumption by sending specially crafted zip files that exploit the decompression process and convincing ...

3.1CVSS6.8AI score0.0036EPSS
Exploits0References3
Snyk
Snyk
added 2025/05/05 7:32 p.m.3 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview mobsf is a Mobile Security Framework MobSF is an automated, all-in-one mobile application Android/iOS/Windows pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Affected versions of this package are vulnerable to Improper...

6.8CVSS7AI score0.00411EPSS
Exploits1References2
OSV
OSV
added 2025/03/26 5:24 p.m.9 views

GO-2025-3533 Improper Handling of Highly Compressed Data (Data Amplification) in github.com/getkin/kin-openapi/openapi3filter

Improper Handling of Highly Compressed Data Data Amplification in github.com/getkin/kin-openapi/openapi3filter...

7.5CVSS6.7AI score0.00497EPSS
Exploits0References6
Snyk
Snyk
added 2025/03/20 12:32 p.m.4 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification due to the improper handling of highly compressed data. An attacker can cause the server to become unresponsive and exhaust system memory by uploading and repeatedly parsing...

8.7CVSS6.9AI score0.00719EPSS
Exploits1References2
Snyk
Snyk
added 2025/03/20 9:30 a.m.5 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification in ZstdUtil. An attacker can cause degradation in performance by sending very large compressed data. Remediation Upgrade org.apache.seata:seata-compressor-zstd to version...

5.3CVSS6.9AI score0.00567EPSS
Exploits0References2
Snyk
Snyk
added 2025/03/20 9:30 a.m.4 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification in ZstdUtil. An attacker can cause degradation in performance by sending very large compressed data. Remediation There is no fixed version for io.seata:seata-compressor-zstd...

5.3CVSS6.9AI score0.00567EPSS
Exploits0References2
Snyk
Snyk
added 2025/03/19 6:12 p.m.1 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification through the ZipFileBodyDecoder. An attacker can trigger an out-of-memory condition, leading to server crashes or degraded performance by uploading a specially crafted ZIP fi...

8.7CVSS6.9AI score0.00497EPSS
Exploits0References2
Rows per page
Query Builder