4 matches found
EUVD-2025-29407
Malicious code in bioql PyPI...
GHSA-M7RC-8W7M-R9QR SurrealDB vulnerable to memory exhaustion via nested functions and scripts
In order to prevent DoS situations due to infinite recursions, SurrealDB implements a limit of nested calls for both native functions and embedded JavaScript functions. However, in SurrealDB instances with embedded scripting functions enabled, it was found that this limit can be circumvented by...
SurrealDB vulnerable to memory exhaustion via nested functions and scripts
In order to prevent DoS situations due to infinite recursions, SurrealDB implements a limit of nested calls for both native functions and embedded JavaScript functions. However, in SurrealDB instances with embedded scripting functions enabled, it was found that this limit can be circumvented by...
None in vim/vim
Description intro While fuzzing, I found an edge case in the vim9 compiler for nested functions. It seems like you can make the compiler use the same line twice, by adding another command directly after an enddef token using the | operator. Depending on the inner functions body, this either resul...