6 matches found
@isaacs/brace-expansion has Uncontrolled Resource Consumption
Summary: @isaacs/brace-expansion is vulnerable to a Denial of Service (DoS) issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, the library attempts to eagerly generate every possible combination synchronously. Because the...
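To make the failure mode concrete, here is an added example (not code from @isaacs/brace-expansion) showing why eager expansion of repeated numeric ranges is a DoS vector: the output size is the product of the range sizes, so a short pattern such as `{1..1000}{1..1000}` forces a million allocations. The names `parseRanges`, `expansionCount`, `expandNaive` and `expandBounded` are hypothetical helpers written for this illustration; the mitigation they demonstrate is computing the result count from the ranges before generating anything and rejecting patterns over a fixed budget.

```javascript
// Added example, not the library's own code: a minimal numeric brace-range
// expander and a guarded variant that bounds the result set up front.

// Hypothetical helper: find every "{start..end}" numeric range in a pattern.
function parseRanges(pattern) {
  const re = /\{(-?\d+)\.\.(-?\d+)\}/g;
  const ranges = [];
  let m;
  while ((m = re.exec(pattern)) !== null) {
    ranges.push({
      index: m.index,
      length: m[0].length,
      start: parseInt(m[1], 10),
      end: parseInt(m[2], 10),
    });
  }
  return ranges;
}

// Size of the expansion without generating it: the product of the range sizes.
// This is O(number of ranges), regardless of how large the ranges are.
function expansionCount(pattern) {
  return parseRanges(pattern).reduce(
    (n, r) => n * (Math.abs(r.end - r.start) + 1),
    1
  );
}

// Naive eager expander: builds every combination synchronously, which is the
// behaviour the advisory describes. Cost grows with expansionCount(pattern).
function expandNaive(pattern) {
  const ranges = parseRanges(pattern);
  if (ranges.length === 0) return [pattern];
  const r = ranges[0];
  const before = pattern.slice(0, r.index);
  const after = pattern.slice(r.index + r.length);
  const step = r.start <= r.end ? 1 : -1;
  const out = [];
  for (let i = r.start; step > 0 ? i <= r.end : i >= r.end; i += step) {
    // Recurse on the remainder so later ranges are expanded as well.
    for (const rest of expandNaive(after)) out.push(before + i + rest);
  }
  return out;
}

// Guarded expander: refuse attacker-sized patterns before doing any work.
function expandBounded(pattern, maxResults = 10000) {
  const count = expansionCount(pattern);
  if (count > maxResults) {
    throw new RangeError(
      `pattern would expand to ${count} entries (limit ${maxResults})`
    );
  }
  return expandNaive(pattern);
}

module.exports = { parseRanges, expansionCount, expandNaive, expandBounded };
```

Run it with a benign pattern such as `expandBounded('host{1..4}.example')` and with `expandBounded('{1..1000}{1..1000}')`; the second throws immediately instead of allocating a million strings. The budget value is a policy choice for the caller; the point is that the check happens before, not after, the expansion.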
EUVD-2020-1096
Malware in sbrugna...
GHSA-PWFR-8PQ7-X9QV Unauthenticated Denial of Service in the octokit/webhooks library
Impact: Versions v9.26.0, v10.9.x, v11.1.x and v12.0.x all contained the code that would throw the error. Specifically, during a pentest we encountered a bug in the octokit/webhooks library, a dependency of Probot, a framework for building GitHub Apps. The resulting request was found to cause an...
Denial of Service
Overview: Affected versions of node-sass are vulnerable to Denial of Service (DoS). Crafted objects passed to the renderSync function may trigger C++ assertions in CustomImporterBridge::get_importer_entry and CustomImporterBridge::post_process_return_value that crash the Node process. This may allow...
GHSA-VPQ5-4RC8-C222 Denial of Service in canvas
Versions of canvas prior to 1.6.10 are vulnerable to Denial of Service. Processing malicious JPEGs or GIFs could crash the Node process. Recommendation: Upgrade to version 1.6.10...
Design/Logic Flaw
uws is a WebSocket server library. By sending a 256 MB WebSocket message to a uws server instance with permessage-deflate enabled, there is a possibility that compression will shrink said 256 MB down to less than 16 MB of WebSocket payload, which passes the 16 MB payload length check. This data wil...