GHSA-WJX2-7HQQ-8H7M rails_admin ruby gem XSS vulnerability

RailsAdmin aka railsadmin before 1.4.3 and 2.x before 2.0.2 allows XSS via nested forms...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via nested forms. Details Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “injects” a malicious script into an otherwise trusted website. The injected script gets downloaded and...

Cross-Site Scripting (XSS)

railsadmin is vulnerable to cross-site scripting XSS. A remote attacker is able to inject and execute arbitrary Javascript in a user's browser via nested forms...

CVE-2020-36190

RailsAdmin aka railsadmin before 1.4.3 and 2.x before 2.0.2 allows XSS via nested forms...

Design/Logic Flaw

RailsAdmin aka railsadmin before 1.4.3 and 2.x before 2.0.2 allows XSS via nested forms...

CVE-2020-36190

RailsAdmin aka railsadmin before 1.4.3 and 2.x before 2.0.2 allows XSS via nested forms...

CVE-2020-36190

The CVE-2020-36190 case affects the RailsAdmin (rails_admin) gem prior to 1.4.3 and 2.x prior to 2.0.2, exposing a cross-site scripting (XSS) vulnerability via nested forms. Root cause is unvalidated input in nested form handling, enabling injected scripts to be rendered in the browser. The impac...

CVE-2019-25001

An issue was discovered in the serdecbor crate before 0.10.2 for Rust. The CBOR deserializer can cause stack consumption via nested semantic tags...

CVE-2019-25001

An issue was discovered in the serdecbor crate before 0.10.2 for Rust. The CBOR deserializer can cause stack consumption via nested semantic tags...

UBUNTU-CVE-2019-25001

An issue was discovered in the serdecbor crate before 0.10.2 for Rust. The CBOR deserializer can cause stack consumption via nested semantic tags...

CVE-2019-25001

CVE-2019-25001 affects the Rust crate serde_cbor prior to 0.10.2. The CBOR deserializer can cause stack consumption when processing nested semantic tags, enabling potential resource exhaustion. The issue is confined to the crate’s deserialization path; affected versions are those before 0.10.2. R...

CVE-2019-25001

An issue was discovered in the serdecbor crate before 0.10.2 for Rust. The CBOR deserializer can cause stack consumption via nested semantic tags...

Rust 缓冲区错误漏洞

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A buffer overflow vulnerability exists in Rust serdecbor crate versions prior to 0.10.2, which stems from the fact that the CBOR deserializer may cause stack consumption via nested semantic tags. No detailed...

Prototype Pollution in bonnevoyager/nested-objects-util

Description nested-objects-util is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: // poc.js var unflatten = require"nested-objects-util" console.log"Before : " + .polluted; unflatten"proto.polluted": "Yes! Its Polluted" console.log"After : " + .polluted; 2...

Prototype Pollution in ionicabizau/obj-unflatten

Description obj-unflatten convert flatten objects in nested ones. This package is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: javascript // poc.js const unflatten = require'obj-unflatten' console.log'Before: ' + .polluted unflatten'proto.polluted':...

tcpdump: Resource exhaustion in bgp_attr_print() function in print-bgp.c

An uncontrolled resource consumption flaw was discovered in the way tcpdump prints BGP packets. The BGP protocol allows ATTRSET to be nested as many times as the message can accommodate, however when a specially crafted packet is crafted and parsed by tcpdump, this may lead to stack exhaustion du...

librsvg: Resource exhaustion via crafted SVG file with nested patterns

In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially...

Moderate: librsvg2 security update

The librsvg2 packages provide a Scalable Vector Graphics SVG library based on the libart library. Security Fixes: librsvg: Resource exhaustion via crafted SVG file with nested patterns CVE-2019-20446 For more details about the security issues, including the impact, a CVSS score, acknowledgments,...

Django: the behavior of the underlying HTMLParser leading to DoS

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.striptags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities...

grok:grk_decompress_fuzzer: Nested bug in the same thread, aborting. with empty stacktrace

Detailed Report: https://oss-fuzz.com/testcase?key=5082666229301248 Project: grok Fuzzing Engine: libFuzzer Fuzz Target: grkdecompressfuzzer Job Type: libfuzzermsangrok Platform Id: linux Crash Type: Nested bug in the same thread, aborting. Crash Address: Crash State: NULL Sanitizer: memory MSAN...