6 matches found
Regular Expression Denial of Service (ReDoS)
Overview: svelte is a package for building web applications. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) through the svelte:element tag validation process. An attacker can cause significant performance degradation by supplying specially crafted ta...
Svelte: ReDoS in `<svelte:element>` Tag Validation
An internal regex in the Svelte runtime can take exponential time to test in . You are only vulnerable to this if you allow tags of unconstrained length. If your application only allows a predetermined list of tags or trims their length before passing them to svelte:element, you are safe...
rsyslog Long Tag Off-By-Two Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'rsyslog Long Tag Off-By-Two DoS', 'Description' = %q This module triggers an off-by-two overflow in the rsyslog daemon. This flaw is unlikely to...
Discourse Security Vulnerability
Discourse is an open source community discussion platform from Discourse Open Source. The platform includes community, email, and chat room features. A security vulnerability exists in Discourse that stems from the fact that writing requests that submit very long tag group names may reduce the...
PT-2024-27456 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.2.5; Discourse versions prior to 3.3.0.beta5. Description: The issue concerns crafting requests to submit very long tag group names, which can reduce the availability of a Discourse instance. Recommendations: For...
rsyslog: parseLegacySyslogMsg off-by-two buffer overflow
Stack-based buffer overflow in the parseLegacySyslogMsg function in tools/syslogd.c in rsyslogd in rsyslog 4.6.x before 4.6.8 and 5.2.0 through 5.8.4 might allow remote attackers to cause a denial of service (application exit) via a long TAG in a legacy syslog message...