1277 matches found
_createDepositSingle() call bridgeOut missing normalizeDecimals
Lines of code Vulnerability details Impact Wrong decimal place conversion, resulting in wrong quantity Proof of Concept in createDepositSingle will call IPortlocalPortAddress.bridgeOut The parameter deposit is not converted to 18 decimal createDepositSingle function createDepositSingle address...
## Significant roundoff error in depositToPort function (ArbitrumBranchBridgeAgent.sol )
Lines of code Vulnerability details Significant roundoff error in depositToPort function ArbitrumBranchBridgeAgent.sol This issue is caused with different decimals than 18. As an Eg USDC, WBTC. Let's consider the USDC as the case scenario. If User deposit USDC into the depositToPort function, He...
Code injection
The urlnorm crate through 0.1.4 for Rust allows Regular Expression Denial of Service ReDos via a crafted URL to lib.rs...
golang: html/template: improper handling of empty HTML attributes
A flaw was found in golang. Templates containing actions in unquoted HTML attributes, for example, "attr=." executed with empty input, could result in output that has unexpected results when parsed due to HTML normalization rules. This issue may allow the injection of arbitrary attributes into ta...
Code injection
The git-url-parse crate through 0.4.4 for Rust allows Regular Expression Denial of Service ReDos via a crafted URL to normalizeurl in lib.rs, a similar issue to CVE-2023-32758 Python...
PT-2023-24272 · Unknown · Giturlparse
Name of the Vulnerable Software and Affected Versions: git-url-parse versions 0.4.4 and earlier Description: The issue allows Regular Expression Denial of Service ReDos via a crafted URL to normalize url in lib.rs. This is similar to an issue found in Python. Recommendations: For versions 0.4.4 a...
golang: html/template: improper handling of empty HTML attributes
A flaw was found in golang. Templates containing actions in unquoted HTML attributes, for example, "attr=." executed with empty input, could result in output that has unexpected results when parsed due to HTML normalization rules. This issue may allow the injection of arbitrary attributes into ta...
CVE-2023-2808 Lack of URL normalization allows rendering previews for disallowed domains
Mattermost fails to normalize UTF confusable characters when determining if a preview should be generated for a hyperlink, allowing an attacker to trigger link preview on a disallowed domain using a specially crafted link...
CVE-2023-2808 Lack of URL normalization allows rendering previews for disallowed domains
Mattermost fails to normalize UTF confusable characters when determining if a preview should be generated for a hyperlink, allowing an attacker to trigger link preview on a disallowed domain using a specially crafted link...
golang: html/template: improper handling of empty HTML attributes
A flaw was found in golang. Templates containing actions in unquoted HTML attributes, for example, "attr=." executed with empty input, could result in output that has unexpected results when parsed due to HTML normalization rules. This issue may allow the injection of arbitrary attributes into ta...
golang: html/template: improper handling of empty HTML attributes
A flaw was found in golang. Templates containing actions in unquoted HTML attributes, for example, "attr=." executed with empty input, could result in output that has unexpected results when parsed due to HTML normalization rules. This issue may allow the injection of arbitrary attributes into ta...
DEBIAN-CVE-2023-29400
Templates containing actions in unquoted HTML attributes e.g. "attr=." executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags...
AZL-37500 CVE-2023-29400 affecting package golang for versions less than 1.21.6-1
Templates containing actions in unquoted HTML attributes e.g. "attr=." executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags...
CVE-2023-29400
Templates containing actions in unquoted HTML attributes e.g. "attr=." executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags...
Code injection
Templates containing actions in unquoted HTML attributes e.g. "attr=." executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags...
CVE-2023-29400
Templates containing actions in unquoted HTML attributes e.g. "attr=." executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags...
CVE-2023-29400 Improper handling of empty HTML attributes in html/template
Templates containing actions in unquoted HTML attributes e.g. "attr=." executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags...
CVE-2023-29400
Templates containing actions in unquoted HTML attributes e.g. "attr=." executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags...
Node.js: Regular Expression Denial of Service in Headers fetch API
Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the Headers.set and Headers.append methods are vulnerable to Regular Expression Denial of Service ReDoS attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normali...
CVE-2023-29400
A flaw was found in golang. Templates containing actions in unquoted HTML attributes, for example, "attr=." executed with empty input, could result in output that has unexpected results when parsed due to HTML normalization rules. This issue may allow the injection of arbitrary attributes into...