8 matches found
GHSA-2F33-PR97-265Q MessagePack-CSharp: ASP.NET Core MessagePackInputFormatter defaults to TrustedData for HTTP request bodies
Summary The parameterless MessagePackInputFormatter constructor uses default serializer options, which resolve to MessagePackSerializerOptions.Standard with MessagePackSecurity.TrustedData. The formatter is designed for ASP.NET Core MVC request bodies, which commonly cross an HTTP trust boundary...
Security Bulletin: Data Binding Validation Bypass in Spring Framework, affects watsonx.data
Summary There are still cases where it is possible to bypass the disallowedFields checks. Affected Spring Products and Versions Spring Framework: 6.2.0 - 6.2.6 6.1.0 - 6.1.19 6.0.0 - 6.0.27 5.3.0 - 5.3.42 Older, unsupported versions are also affected Mitigation Users of affected versions should...
ZKPROV: a Zero-Knowledge Approach to Dataset Provenance for Large Language Models
As the deployment of large language models LLMs grows in sensitive domains, ensuring the integrity of their computational provenance becomes a critical challenge, particularly in regulated sectors such as healthcare, where strict requirements are applied in dataset usage. We introduce ZKPROV, a...
CVE-2025-22233
CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks. Affected Spring Products and Versions Spring Framework: 6.2...
Denial Of Service (DoS)
.NET Core is vulnerable to denial of service. The vulnerability exists due to a stack overflow which allows an attacker to send a customized payload that is parsed during model binding and cause an application crash...
USN-5609-1: .NET 6 vulnerability
Graham Esau discovered that .NET 6 incorrectly parsed certain payloads during model binding. An attacker could possibly use this issue to cause a denial of service...
USN-5609-1 dotnet6 vulnerability
Graham Esau discovered that .NET 6 incorrectly parsed certain payloads during model binding. An attacker could possibly use this issue to cause a denial of service...
PT-2022-7019 · Microsoft +7 · Net 6.0 +8
Name of the Vulnerable Software and Affected Versions: .NET Core versions prior to 3.1.29 .NET 6.0 versions prior to 6.0.9 Description: A denial of service issue exists due to incorrect resource cleanup, allowing a remote attacker to cause a stack overflow by sending a customized payload during...