CVE-2022-31100 Reachable Assertion in rulex

rulex is a new, portable, regular expression language. When parsing untrusted rulex expressions, rulex may crash, possibly enabling a Denial of Service attack. This happens when the expression contains a multi-byte UTF-8 code point in a string literal or after a backslash, because rulex tries to...

Greenhouse.io: Bypass of request line length limit to DoS via cache poisoning

Summary This is a bypass of the fix that was introduced in response to report 334709. The bug in question was that it was possible to poison the cache of the generated JS file at https://boards.greenhouse.io/embed/jobboard/js?for=surveymonkey, by appending a URL-encoded NULL byte %00, followed by...