66 matches found
CVE-2026-41146
facil.io is a C micro-framework for web applications. Prior to commit 5128747363055201d3ecf0e29bf0a961703c9fa0, fiojsonparse can enter an infinite loop when it encounters a nested JSON value starting with i or I. The process spins in user space and pegs one CPU core at 100% instead of returning a...
CVE-2026-41146 facil.io and downstream iodine ruby gem vulnerable to uncontrolled resource consumption and loop with unreachable exit condition
facil.io is a C micro-framework for web applications. Prior to commit 5128747363055201d3ecf0e29bf0a961703c9fa0, fiojsonparse can enter an infinite loop when it encounters a nested JSON value starting with i or I. The process spins in user space and pegs one CPU core at 100% instead of returning a...
CVE-2026-41146
facil.io is a C micro-framework for web applications. Prior to commit 5128747363055201d3ecf0e29bf0a961703c9fa0, fiojsonparse can enter an infinite loop when it encounters a nested JSON value starting with i or I. The process spins in user space and pegs one CPU core at 100% instead of returning a...
CVE-2026-41146
facil.io (C micro-framework) contains a vulnerability in fio_json_parse that can enter an infinite loop when parsing a nested JSON value starting with i or I, causing a CPU core to be pegged at ~100% and not returning a parse error. The issue also affects downstream iodine Ruby gem that vendors t...
CVE-2026-41146 facil.io and downstream iodine ruby gem vulnerable to uncontrolled resource consumption and loop with unreachable exit condition
facil.io is a C micro-framework for web applications. Prior to commit 5128747363055201d3ecf0e29bf0a961703c9fa0, fiojsonparse can enter an infinite loop when it encounters a nested JSON value starting with i or I. The process spins in user space and pegs one CPU core at 100% instead of returning a...
PT-2026-34238
facil.io is a C micro-framework for web applications. Prior to commit 5128747363055201d3ecf0e29bf0a961703c9fa0, fio json parse can enter an infinite loop when it encounters a nested JSON value starting with i or I. The process spins in user space and pegs one CPU core at 100% instead of returning...
Uncontrolled resource consumption and loop with unreachable exit condition in facil.io and downstream iodine ruby gem
Summary fiojsonparse can enter an infinite loop when it encounters a nested JSON value starting with i or I. The process spins in user space and pegs one CPU core at 100% instead of returning a parse error. Because iodine vendors the same parser code, the issue also affects iodine when it parses...
Infinite loop
Overview iodine is a fast HTTP / Websocket Server with built-in Pub/Sub support with or without Redis, static file support and many other features, optimized for Ruby MRI on Linux / BSD / macOS. Affected versions of this package are vulnerable to Infinite loop through the fiojsonparse function. A...
GHSA-2X79-GWQ3-VXXM Uncontrolled resource consumption and loop with unreachable exit condition in facil.io and downstream iodine ruby gem
Summary fiojsonparse can enter an infinite loop when it encounters a nested JSON value starting with i or I. The process spins in user space and pegs one CPU core at 100% instead of returning a parse error. Because iodine vendors the same parser code, the issue also affects iodine when it parses...
Uncontrolled resource consumption and loop with unreachable exit condition in facil.io and downstream iodine ruby gem
Summary fiojsonparse can enter an infinite loop when it encounters a nested JSON value starting with i or I. The process spins in user space and pegs one CPU core at 100 instead of returning a parse error. Because iodine gem vendors the same parser code, the issue also affects iodine gem when it...
EUVD-2006-5765
Malware in sbrugna...
EUVD-2006-4818
Malware in sbrugna...
EUVD-2019-0692
Malware in sbrugna...
CVE-2024-22050
Path traversal in the static file service in Iodine less than 0.7.33 allows an unauthenticated, remote attacker to read files outside the public folder via malicious URLs...
Path Traversal
iodine is vulnerable to Path Traversal . The vulnerability is due to improper validation or URL's allowrf to manipulate the static file server. This issue can be exploited by an attacker to read files outside the public folder via a malicious URL...
GHSA-QWF7-RV77-FCR3 Duplicate Advisory: Malicious URL drafting attack against iodines static file server may allow path traversal
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-85rf-xh54-whp3. This link is maintained to preserve external references. Original Description Path traversal in the static file service in Iodine less than 0.7.33 allows an unauthenticated, remote attacker to re...
CVE-2024-22050
Path traversal in the static file service in Iodine less than 0.7.33 allows an unauthenticated, remote attacker to read files outside the public folder via malicious URLs...
CVE-2024-22050
Path traversal in the static file service in Iodine less than 0.7.33 allows an unauthenticated, remote attacker to read files outside the public folder via malicious URLs...
Path traversal
Path traversal in the static file service in Iodine less than 0.7.33 allows an unauthenticated, remote attacker to read files outside the public folder via malicious URLs...
CVE-2024-22050 Iodine Static File Server Path Traversal Vulnerability
Path traversal in the static file service in Iodine less than 0.7.33 allows an unauthenticated, remote attacker to read files outside the public folder via malicious URLs...