22 matches found
CVE-2026-42342
A flaw was found in React Router and @remix-run/server-runtime. A remote attacker can exploit this vulnerability by sending certain crafted requests to the manifest endpoint. This can lead to unbounded path expansion, consuming disproportionate server resources. The primary consequence is a denia...
GHSA-8X6R-G9MW-2R78 React Router vulnerable to DoS via unbounded path expansion in __manifest endpoint
There exists a potential DOS attack vector in React Router Framework Mode applications as well as Remix v2.10.0 - 2.17.4. Certain requests can be crafted to consume disproportionate resources on the server, resulting in response time degredation and/or service unavailability for end users. !NOTE...
EUVD-2026-34000
React Router vulnerable to DoS via unbounded path expansion in manifest endpoint...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the manifest endpoint. An attacker can exhaust server resources and cause service disruption by sending specially crafted requests that trigger unbounded path expansion. Note:...
Allocation of Resources Without Limits or Throttling
Overview @remix-run/server-runtime is a Server runtime for Remix Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the manifest endpoint. An attacker can exhaust server resources and cause service disruption by sending specially craft...
CVE-2026-42342 React Router vulnerable to DoS via unbounded path expansion in __manifest endpoint
React Router is a router for React. In versions 7.0.0 through 7.14.x of react-router and versions 2.10.0 through 2.17.4 of @remix-run/server-runtime, certain crafted requests can consume disproportionate server resources via unbounded path expansion in the manifest endpoint, resulting in response...
CVE-2026-42342
React Router is a router for React. In versions 7.0.0 through 7.14.x of react-router and versions 2.10.0 through 2.17.4 of @remix-run/server-runtime, certain crafted requests can consume disproportionate server resources via unbounded path expansion in the manifest endpoint, resulting in response...
CVE-2026-42342
CVE-2026-42342 affects React Router and Remix Server Runtime: versions 7.0.0–7.14.x of react-router and 2.10.0–2.17.4 of @remix-run/server-runtime are vulnerable to DoS via unbounded path expansion on the __manifest endpoint, causing high resource usage and potential unavailability for Framework ...
PT-2026-45835
Name of the Vulnerable Software and Affected Versions react-router versions 7.0.0 through 7.14.x @remix-run/server-runtime versions 2.10.0 through 2.17.4 Description Certain crafted requests can cause unbounded path expansion in the " manifest" endpoint, leading to disproportionate server resourc...
AuthKit React Router Library 资源管理错误漏洞
AuthKit React Router Library is an open-source project by WorkOS, used in React Router 7. Versions 7.0.0 to 7.14.x of the library, along with @remix-run/server-runtime 2.10.0 to 2.17.4, have a resource management vulnerability. This vulnerability stems from unbounded path expansion at the manifes...
MiracleLinux 7 : docker-distribution-2.6.2-1.git48294d9.el7 (AXSA:2017-2274:01)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2017-2274:01 advisory. It was found that docker-distribution did not properly restrict memory allocation size for a registry instance through the manifest endpoint. An attacker cou...
EUVD-2022-4077
Malicious code in bioql PyPI...
GLPI SQL注入漏洞
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...
SUSE CVE-2017-11468
Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service memory consumption via the manifest endpoint...
Docker Registry has Allocation of Resources Without Limits or Throttling
Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service memory consumption via the manifest endpoint. Specific Go Packages Affected...
SUSE: Security Advisory (SUSE-SU-2018:0865-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
docker-distribution: Does not properly restrict the amount of content accepted from a user
It was found that docker-distribution did not properly restrict memory allocation size for a registry instance through the manifest endpoint. An attacker could send a specially crafted request that would exhaust the memory of the docker-distribution service...
CVE-2017-11468
It was found that docker-distribution did not properly restrict memory allocation size for a registry instance through the manifest endpoint. An attacker could send a specially crafted request that would exhaust the memory of the docker-distribution service...
Design/Logic Flaw
Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service memory consumption via the manifest endpoint...
DEBIAN-CVE-2017-11468
Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service memory consumption via the manifest endpoint...