87 matches found
Fiber security vulnerability
Fiber is an open-source web framework written in Go. Versions of Fiber prior to 3.1.0 have a security vulnerability. It stems from the fiber_flash cookie, whose contents are deserialized as msgpack without validation; a crafted cookie can trigger excessive memory allocation, potentially leading to...
ai.mantik:ds_2.12 (>=0.3.0 <=0.3.1-rc2), ai.mantik:ds_2.13 (>=0.4.0 <=0.4.0-rc1) +1285 more potentially affected by CVE-2026-21452 via org.msgpack:msgpack-core (>=0.7.0-M1 <=0.9.10)
org.msgpack:msgpack-core MAVEN version =0.7.0-M1, =0.3.0, =0.4.0, =0.4.0-rc1 and more. Source CVEs: CVE-2026-21452. Source advisory: OSV:GHSA-CW39-R4H6-8J3X...
Memory Allocation with Excessive Size Value
Overview: Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value in the deserialization of .msgpack data containing EXT32 objects. The decoder allocates a buffer of the size declared in the EXT32 header before checking that the input can actually supply that many bytes. An attacker can exhaust system memory and cause service unavailability by submitting a specially crafted .msgpack fil...
ai.mantik:ds_2.12 (>=0.3.0 <=0.3.1-rc2), ai.mantik:ds_2.13 (>=0.4.0 <=0.4.0-rc1) +1283 more potentially affected by CVE-2026-21452 via org.msgpack:msgpack-core (>=0.7.0-M6 <=0.9.10)
org.msgpack:msgpack-core MAVEN version =0.7.0-M6, =0.3.0, =0.4.0, =0.4.0-rc1 and more. Source CVEs: CVE-2026-21452. Source advisory: SNYK:JAVA-ORGMSGPACK-14857714...
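Both the Fiber flash-cookie entry and the msgpack-core EXT32 entry above describe the same decoder mistake: trusting the length field of a msgpack ext or bin header and allocating that many bytes before checking anything. The following is an added example written for this page, not code from Fiber, msgpack-core or any other project listed here. It decodes only the ext8/16/32 and bin8/16/32 families, checks the declared length against a caller-supplied cap and against the bytes actually present, and only then allocates. `DefaultMaxPayload` and the sample byte strings are constructed for the example.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// DefaultMaxPayload is an assumed per-object cap for this example, not a
// constant from any msgpack library. Pick it from what the application needs.
const DefaultMaxPayload = 1 << 20 // 1 MiB

var (
	ErrTooLarge    = errors.New("msgpack: declared length exceeds allocation limit")
	ErrTruncated   = errors.New("msgpack: declared length exceeds remaining input")
	ErrUnsupported = errors.New("msgpack: not an ext or bin format byte")
)

// Ext is a decoded ext object; bin objects are returned with Type -1.
type Ext struct {
	Type int8
	Data []byte
}

// header parses the format byte and the big-endian length that follows it.
// It returns the declared payload length, the full header size (including the
// ext type byte where present) and whether the object is an ext.
func header(buf []byte) (n uint64, hdr int, isExt bool, err error) {
	if len(buf) == 0 {
		return 0, 0, false, ErrTruncated
	}
	switch buf[0] {
	case 0xc4, 0xc7: // bin8, ext8: 1-byte length
		if len(buf) < 2 {
			return 0, 0, false, ErrTruncated
		}
		n, hdr = uint64(buf[1]), 2
	case 0xc5, 0xc8: // bin16, ext16: 2-byte length
		if len(buf) < 3 {
			return 0, 0, false, ErrTruncated
		}
		n, hdr = uint64(binary.BigEndian.Uint16(buf[1:3])), 3
	case 0xc6, 0xc9: // bin32, ext32: 4-byte length, up to 4 GiB declared
		if len(buf) < 5 {
			return 0, 0, false, ErrTruncated
		}
		n, hdr = uint64(binary.BigEndian.Uint32(buf[1:5])), 5
	default:
		return 0, 0, false, ErrUnsupported
	}
	isExt = buf[0] >= 0xc7
	if isExt {
		hdr++ // ext carries one extra type byte after the length
		if len(buf) < hdr {
			return 0, 0, false, ErrTruncated
		}
	}
	return n, hdr, isExt, nil
}

// DeclaredLength is what an unchecked decoder would hand to make([]byte, n).
func DeclaredLength(buf []byte) (uint64, error) {
	n, _, _, err := header(buf)
	return n, err
}

// DecodeExt validates the declared length before allocating: first against the
// cap (the check the advisories above say was missing), then against the input.
func DecodeExt(buf []byte, limit int) (Ext, error) {
	n, hdr, isExt, err := header(buf)
	if err != nil {
		return Ext{}, err
	}
	if n > uint64(limit) {
		return Ext{}, ErrTooLarge
	}
	if n > uint64(len(buf)-hdr) {
		return Ext{}, ErrTruncated
	}
	e := Ext{Type: -1}
	if isExt {
		e.Type = int8(buf[hdr-1])
	}
	e.Data = make([]byte, n) // safe: n <= limit and n <= len(buf)-hdr
	copy(e.Data, buf[hdr:hdr+int(n)])
	return e, nil
}

func main() {
	// Constructed inputs for the example, not captured from any advisory.
	hostile := []byte{0xc9, 0xff, 0xff, 0xff, 0xff, 0x01} // ext32 header: length 0xffffffff, type 1, no payload
	n, _ := DeclaredLength(hostile)
	fmt.Printf("unchecked decoder would allocate %d bytes for a %d-byte message\n", n, len(hostile))
	_, err := DecodeExt(hostile, DefaultMaxPayload)
	fmt.Println("checked decoder:", err)
	benign := []byte{0xc7, 0x03, 0x05, 'a', 'b', 'c'} // ext8: length 3, type 5, payload "abc"
	e, err := DecodeExt(benign, DefaultMaxPayload)
	fmt.Printf("benign: type=%d data=%q err=%v\n", e.Type, e.Data, err)
}
```

The order of the two checks matters for streaming decoders, which do not know how many bytes remain: the cap is the only guard that holds there, so it goes first and should be small enough that an attacker sending many concurrent messages still cannot exhaust memory.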
Litestar allows unbounded resource consumption (DoS vulnerability)
Summary: Litestar offers multiple methods to return a parsed representation of the request body, as well as extractors that rely on those parsers to map request content to structured data types. Several of those parsers do not enforce a size limit when reading the request body into memory, which allo...
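The Litestar entry above is the request-body analogue of the msgpack length problem: a parser that reads the whole body into memory before any size check lets a single client dictate the server's allocation. The following is an added example for this page, written in Go with the standard library rather than taken from Litestar, to show the pattern of capping the read rather than the parse. `MaxBodyBytes` is an assumed policy value chosen small so the oversized case is easy to construct; the handler and the in-memory requests are constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// MaxBodyBytes is an assumed limit for this example, not a Litestar or net/http default.
const MaxBodyBytes = 1 << 10 // 1 KiB

// ParseBody reads at most MaxBodyBytes of the request body into memory.
// http.MaxBytesReader stops reading once the limit is exceeded and tells the
// server to close the connection, instead of buffering an unbounded body.
func ParseBody(w http.ResponseWriter, r *http.Request) ([]byte, error) {
	r.Body = http.MaxBytesReader(w, r.Body, MaxBodyBytes)
	data, err := io.ReadAll(r.Body)
	var tooBig *http.MaxBytesError
	if errors.As(err, &tooBig) {
		return nil, fmt.Errorf("request body exceeds %d bytes", tooBig.Limit)
	}
	return data, err
}

// Handler maps an oversized body to 413 rather than letting it reach the parser.
func Handler(w http.ResponseWriter, r *http.Request) {
	body, err := ParseBody(w, r)
	if err != nil {
		http.Error(w, err.Error(), http.StatusRequestEntityTooLarge)
		return
	}
	fmt.Fprintf(w, "read %d bytes\n", len(body))
}

// Post drives Handler with an in-memory POST of the given body size and
// returns the status code, so the limit can be checked without a socket.
func Post(size int) int {
	rec := httptest.NewRecorder()
	req := httptest.NewRequest(http.MethodPost, "/parse", strings.NewReader(strings.Repeat("x", size)))
	Handler(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(Post(512), Post(MaxBodyBytes), Post(MaxBodyBytes+1)) // 200 200 413
}
```

A body exactly at the limit is accepted and one byte over is rejected; the rejection happens during the read, so no parser ever sees more than `MaxBodyBytes` of attacker-controlled data. Frameworks that parse JSON, msgpack or form data should apply the same kind of cap before decoding, in addition to any per-object limits inside the decoder.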
Fedora: Security Advisory (FEDORA-2024-e7bb8bc2da)
The remote host is missing the update covered by FEDORA-2024-e7bb8bc2da. (SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions may be excerpted from referenced sources and are copyright of the respective right holders. SPDX-License-Identifier: GPL-2.0-only.)...
[SECURITY] Fedora 40 Update: lua-mpack-1.0.12-1.fc40
mpack is a small binary serialization/RPC library that implements both the msgpack and msgpack-rpc specifications...
[SECURITY] Fedora 39 Update: lua-mpack-1.0.12-1.fc39
mpack is a small binary serialization/RPC library that implements both the msgpack and msgpack-rpc specifications...
[SECURITY] Fedora 41 Update: lua-mpack-1.0.12-1.fc41
mpack is a small binary serialization/RPC library that implements both the msgpack and msgpack-rpc specifications...
MAL-2024-6471 Malicious code in activerecord-msgpack-serializer (RubyGems)
BIT-FLUENT-BIT-2021-46879
An issue was discovered in Treasure Data Fluent Bit 1.7.1: a wrong variable is used to get the msgpack data, resulting in a heap overflow in flb_msgpack_gelf_value_ext. An attacker can craft a malicious file and trick the victim into opening it with the software, triggering a heap overflow and execute...
Fedora: Security Advisory for golang-github-hashicorp-msgpack (FEDORA-2023-f122ea1b3e)
The remote host is missing an update for golang-github-hashicorp-msgpack (FEDORA-2023-f122ea1b3e). (SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions may be excerpted from referenced sources and are copyright of the respective right holders. SPDX-License-Identifier: GPL-2.0-only.)...
[SECURITY] Fedora 38 Update: golang-github-hashicorp-msgpack-2.1.0-1.fc38
High Performance, Feature-Rich Idiomatic codec/encoding library...
An issue was discovered in Treasure Data Fluent Bit 1.7.1: a wrong variable is used to get the msgpack data, resulting in a heap overflow in flb_msgpack_gelf_value_ext. An attacker can craft a malicious file and trick the victim into opening it with the software, triggering a heap overflow and executing arbitrary code on the target system.
...
An issue was discovered in Treasure Data Fluent Bit 1.7.1: erroneous parsing in flb_pack_msgpack_to_json_format leads to a type confusion bug that interprets whatever is on the stack as msgpack maps and arrays, leading to a use-after-free. An attacker can craft a specially crafted file and trick the victim into opening it with the affected software, triggering the use-after-free and executing arbitrary code on the target system.
...
CVE-2021-46879
An issue was discovered in Treasure Data Fluent Bit 1.7.1: a wrong variable is used to get the msgpack data, resulting in a heap overflow in flb_msgpack_gelf_value_ext. An attacker can craft a malicious file and trick the victim into opening it with the software, triggering a heap overflow and execute...
PT-2023-12598 · Treasure Data · Treasure Data Fluent Bit
Name of the Vulnerable Software and Affected Versions: Treasure Data Fluent Bit version 1.7.1. Description: An issue was discovered in Treasure Data Fluent Bit, where erroneous parsing in flb_pack_msgpack_to_json_format leads to a type confusion bug. This bug interprets whatever is on the stack as...
PT-2023-12599 · Treasure Data · Treasure Data Fluent Bit
Name of the Vulnerable Software and Affected Versions: Treasure Data Fluent Bit version 1.7.1. Description: An issue was discovered in Treasure Data Fluent Bit, where a wrong variable is used to get the msgpack data, resulting in a heap overflow in flb_msgpack_gelf_value_ext. An attacker can craft...