3 matches found
Allocation of Resources Without Limits or Throttling
Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the api.ParseJSONRequest or api.getContentType functions. An attacker can cause excessive memory consumption by sending requests with either an excessively long OID containing man...
CVE-2025-64179 lakeFS: Unauthenticated access to API usage metrics
lakeFS is an open-source tool that transforms object storage into Git-like repositories. In versions 1.69.0 and below, missing authentication in the /api/v1/usage-report/summary endpoint allows anyone to retrieve aggregate API usage counts. While no sensitive data is disclosed, the endpoint may...
PT-2023-30317 · Rundeck · Rundeck
Name of the Vulnerable Software and Affected Versions: Rundeck versions prior to 4.17.3. Description: The issue allows authenticated users to access certain URL paths without necessary authorization checks, providing a list of job names and groups for any project. The affected URLs are...