Lucene search
K

22 matches found

RedhatCVE
RedhatCVE
added 2026/06/25 11:8 p.m.5 views

CVE-2026-42342

A flaw was found in React Router and @remix-run/server-runtime. A remote attacker can exploit this vulnerability by sending certain crafted requests to the manifest endpoint. This can lead to unbounded path expansion, consuming disproportionate server resources. The primary consequence is a denia...

7.5CVSS5.7AI score0.00299EPSS
Exploits0References4
OSV
OSV
added 2026/06/03 9:5 p.m.7 views

GHSA-8X6R-G9MW-2R78 React Router vulnerable to DoS via unbounded path expansion in __manifest endpoint

There exists a potential DOS attack vector in React Router Framework Mode applications as well as Remix v2.10.0 - 2.17.4. Certain requests can be crafted to consume disproportionate resources on the server, resulting in response time degredation and/or service unavailability for end users. !NOTE...

7.5CVSS5.8AI score0.00299EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/03 9:5 p.m.13 views

EUVD-2026-34000

React Router vulnerable to DoS via unbounded path expansion in manifest endpoint...

7.5CVSS5.8AI score0.00299EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/02 10:22 p.m.10 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the manifest endpoint. An attacker can exhaust server resources and cause service disruption by sending specially crafted requests that trigger unbounded path expansion. Note:...

8.7CVSS5.5AI score0.00299EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/02 10:22 p.m.10 views

Allocation of Resources Without Limits or Throttling

Overview @remix-run/server-runtime is a Server runtime for Remix Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the manifest endpoint. An attacker can exhaust server resources and cause service disruption by sending specially craft...

8.7CVSS5.5AI score0.00299EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/02 6:23 p.m.11 views

CVE-2026-42342 React Router vulnerable to DoS via unbounded path expansion in __manifest endpoint

React Router is a router for React. In versions 7.0.0 through 7.14.x of react-router and versions 2.10.0 through 2.17.4 of @remix-run/server-runtime, certain crafted requests can consume disproportionate server resources via unbounded path expansion in the manifest endpoint, resulting in response...

7.5CVSS5.8AI score0.00299EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/02 6:23 p.m.9 views

CVE-2026-42342

React Router is a router for React. In versions 7.0.0 through 7.14.x of react-router and versions 2.10.0 through 2.17.4 of @remix-run/server-runtime, certain crafted requests can consume disproportionate server resources via unbounded path expansion in the manifest endpoint, resulting in response...

7.5CVSS5.8AI score0.00299EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2026/06/02 6:23 p.m.125 views

CVE-2026-42342

CVE-2026-42342 affects React Router and Remix Server Runtime: versions 7.0.0–7.14.x of react-router and 2.10.0–2.17.4 of @remix-run/server-runtime are vulnerable to DoS via unbounded path expansion on the __manifest endpoint, causing high resource usage and potential unavailability for Framework ...

7.5CVSS5.8AI score0.00299EPSS
Exploits0References1Affected Software2
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.14 views

PT-2026-45835

Name of the Vulnerable Software and Affected Versions react-router versions 7.0.0 through 7.14.x @remix-run/server-runtime versions 2.10.0 through 2.17.4 Description Certain crafted requests can cause unbounded path expansion in the " manifest" endpoint, leading to disproportionate server resourc...

7.5CVSS5.8AI score0.00299EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.7 views

AuthKit React Router Library 资源管理错误漏洞

AuthKit React Router Library is an open-source project by WorkOS, used in React Router 7. Versions 7.0.0 to 7.14.x of the library, along with @remix-run/server-runtime 2.10.0 to 2.17.4, have a resource management vulnerability. This vulnerability stems from unbounded path expansion at the manifes...

7.5CVSS5.4AI score0.00299EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.6 views

MiracleLinux 7 : docker-distribution-2.6.2-1.git48294d9.el7 (AXSA:2017-2274:01)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2017-2274:01 advisory. It was found that docker-distribution did not properly restrict memory allocation size for a registry instance through the manifest endpoint. An attacker cou...

7.5CVSS6.6AI score0.03192EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-4077

Malicious code in bioql PyPI...

7.5CVSS6.5AI score0.03192EPSS
Exploits0References10
CNNVD
CNNVD
added 2023/04/05 12:0 a.m.6 views

GLPI SQL注入漏洞

GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...

10CVSS5.8AI score0.00486EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:42 a.m.4 views

SUSE CVE-2017-11468

Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service memory consumption via the manifest endpoint...

6.5CVSS6.8AI score0.03192EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2022/05/13 1:16 a.m.36 views

Docker Registry has Allocation of Resources Without Limits or Throttling

Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service memory consumption via the manifest endpoint. Specific Go Packages Affected...

7.5CVSS7AI score0.03192EPSS
Exploits0References9Affected Software1
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.18 views

SUSE: Security Advisory (SUSE-SU-2018:0865-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS8.1AI score0.03192EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2017/09/05 10:33 a.m.7 views

docker-distribution: Does not properly restrict the amount of content accepted from a user

It was found that docker-distribution did not properly restrict memory allocation size for a registry instance through the manifest endpoint. An attacker could send a specially crafted request that would exhaust the memory of the docker-distribution service...

7.5CVSS7.3AI score0.03192EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2017/07/25 3:19 p.m.30 views

CVE-2017-11468

It was found that docker-distribution did not properly restrict memory allocation size for a registry instance through the manifest endpoint. An attacker could send a specially crafted request that would exhaust the memory of the docker-distribution service...

7.5CVSS3.8AI score0.03192EPSS
Exploits0References1
Prion
Prion
added 2017/07/20 11:29 p.m.22 views

Design/Logic Flaw

Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service memory consumption via the manifest endpoint...

5CVSS7.2AI score0.03192EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2017/07/20 11:29 p.m.1 views

DEBIAN-CVE-2017-11468

Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service memory consumption via the manifest endpoint...

7.5CVSS7AI score0.03192EPSS
Exploits0References1
Rows per page
Query Builder