6 matches found
Svelte: ReDoS in `<svelte:element>` Tag Validation
An internal regex in the Svelte runtime can take exponential time to test in . You are only vulnerable to this if you allow tags of unconstrained length. If your application only allows a predetermined list of tags or trims their length before passing them to svelte:element, you are safe...
Regular Expression Denial of Service (ReDoS)
Overview: svelte is a package for building web applications. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) through the svelte:element tag validation process. An attacker can cause significant performance degradation by supplying specially crafted ta...
rsyslog Long Tag Off-By-Two Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'rsyslog Long Tag Off-By-Two DoS', 'Description' = %q This module triggers an off-by-two overflow in the rsyslog daemon. This flaw is unlikely to...
PT-2024-27456 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.2.5; Discourse versions prior to 3.3.0.beta5. Description: The issue concerns crafting requests to submit very long tag group names, which can reduce the availability of a Discourse instance. Recommendations: For...
Discourse Security Vulnerability
Discourse is an open source community discussion platform from Discourse Open Source. The platform includes community, email, and chat room features. A security vulnerability exists in Discourse that stems from the fact that writing requests that submit very long tag group names may reduce the...
rsyslog: parseLegacySyslogMsg off-by-two buffer overflow
Stack-based buffer overflow in the parseLegacySyslogMsg function in tools/syslogd.c in rsyslogd in rsyslog 4.6.x before 4.6.8 and 5.2.0 through 5.8.4 might allow remote attackers to cause a denial of service (application exit) via a long TAG in a legacy syslog message...