11 matches found
GHSA-M9GH-VJ53-GVH9 python-engineio has possible denial of service due to maximum payload size sometimes not being enforced
Impact There are two specific configurations of the python-engineio server in which the size of incoming messages is not checked before the messages are loaded into memory. An attacker can take advantage of these to cause unnecessary memory allocations in the python-engineio server. The two cases...
PT-2026-53020
Name of the Vulnerable Software and Affected Versions python-engineio versions prior to 4.13.2 Description Two specific configurations of the server fail to verify the size of incoming messages before loading them into memory, which can lead to excessive memory allocations. This occurs during POS...
phoenix 安全漏洞
Phoenix is a web development framework developed under the Phoenix framework open source project. Versions of Phoenix from 1.7.0 to 1.7.22, as well as 1.8.6, have security vulnerabilities. These vulnerabilities stem from the unlimited resource allocation during the processing of NDJSON data...
EUVD-2022-1064
Malicious code in bioql PyPI...
GHSA-J4F2-536G-R55M Resource exhaustion in engine.io
Engine.IO before 4.0.0 and 3.6.0 allows attackers to cause a denial of service resource consumption via a POST request to the long polling transport...
CVE-2020-36048
Engine.IO before 4.0.0 allows attackers to cause a denial of service resource consumption via a POST request to the long polling transport...
CVE-2020-36048
Engine.IO before 4.0.0 allows attackers to cause a denial of service resource consumption via a POST request to the long polling transport...
Design/Logic Flaw
Engine.IO before 4.0.0 allows attackers to cause a denial of service resource consumption via a POST request to the long polling transport...
CVE-2020-36048
Engine.IO before 4.0.0 allows attackers to cause a denial of service resource consumption via a POST request to the long polling transport...
CVE-2020-36048
Engine.IO before 4.0.0 allows attackers to cause a denial of service resource consumption via a POST request to the long polling transport...
Socketio Engineio Resource Management Error Vulnerability
Socketio Engineio is a Javascript-based real-time engine for bi-directional communication between browsers and devices from the Socketio community. A security vulnerability exists in Socketio Engine.IO before 4.0.0, which can be exploited by an attacker to cause a denial of service resource...