4 matches found
CVE-2026-54274
The CVE-2026-54274 entry concerns AIOHTTP (async HTTP framework for asyncio/Python). It identifies that prior to version 3.14.1, an attacker could send large incomplete websocket frame payloads, potentially bypassing memory-use limits. The vulnerability affects AIOHTTP’s websocket handling logic ...
CVE-2026-45357 LiquidJS: Memory and render limit bypass via unbounded width padding in `date` filter (strftime)
LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In versions 10.25.7 and below, the date filter's strftime implementation parses width specifiers like %9999999d and forwards the captured width unchecked into pad/padStart, leading to memory and render limit...
aiohttp: Incomplete websocket frame payloads bypass memory limits
Summary If an attacker sends large incomplete websocket frame payloads, it may be possible to bypass the usual size limits on memory use. Impact If a web application has WebSocket endpoints, it may be possible for an attacker to execute a DoS attack through excessive memory use. ----- Patch:...
CVE-2022-24375
The package node-opcua before 2.74.0 are vulnerable to Denial of Service DoS when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False...