19 matches found
Heym 安全漏洞
Heym is an open-source AI-native workflow automation platform developed by heymrun. Versions of Heym prior to 0.0.21 contained security vulnerabilities. These vulnerabilities stemmed from sandbox escape vulnerabilities in custom Python tool executors, which could allow authenticated workflow...
CVE-2026-32933
AutoMapper is a convention-based object-object mapper in .NET. Versions prior to 15.1.1 and 16.1.1 are vulnerable to a Denial of Service DoS attack. When mapping deeply nested object graphs, the library uses recursive method calls without enforcing a default maximum depth limit. This allows an...
CVE-2026-32933
AutoMapper is a convention-based object-object mapper in .NET. Versions prior to 15.1.1 and 16.1.1 are vulnerable to a Denial of Service DoS attack. When mapping deeply nested object graphs, the library uses recursive method calls without enforcing a default maximum depth limit. This allows an...
CVE-2026-32933 AutoMapper Vulnerable to Denial of Service (DoS) via Uncontrolled Recursion
AutoMapper is a convention-based object-object mapper in .NET. Versions prior to 15.1.1 and 16.1.1 are vulnerable to a Denial of Service DoS attack. When mapping deeply nested object graphs, the library uses recursive method calls without enforcing a default maximum depth limit. This allows an...
CVE-2026-32933 AutoMapper Vulnerable to Denial of Service (DoS) via Uncontrolled Recursion
AutoMapper is a convention-based object-object mapper in .NET. Versions prior to 15.1.1 and 16.1.1 are vulnerable to a Denial of Service DoS attack. When mapping deeply nested object graphs, the library uses recursive method calls without enforcing a default maximum depth limit. This allows an...
CVE-2026-32933
AutoMapper (a .NET object-object mapper) is vulnerable in versions prior to 15.1.1 and 16.1.1 to a Denial of Service via uncontrolled recursion during deep object graph mapping, which can exhaust thread stack memory and trigger a StackOverflowException, terminating the process. The issue is mitig...
EUVD-2026-13505
AutoMapper is a convention-based object-object mapper in .NET. Versions prior to 15.1.1 and 16.1.1 are vulnerable to a Denial of Service DoS attack. When mapping deeply nested object graphs, the library uses recursive method calls without enforcing a default maximum depth limit. This allows an...
CVE-2026-32933 AutoMapper Vulnerable to Denial of Service (DoS) via Uncontrolled Recursion
AutoMapper is a convention-based object-object mapper in .NET. Versions prior to 15.1.1 and 16.1.1 are vulnerable to a Denial of Service DoS attack. When mapping deeply nested object graphs, the library uses recursive method calls without enforcing a default maximum depth limit. This allows an...
AutoMapper Vulnerable to Denial of Service (DoS) via Uncontrolled Recursion
Summary AutoMapper is vulnerable to a Denial of Service DoS attack. When mapping deeply nested object graphs, the library uses recursive method calls without enforcing a default maximum depth limit. This allows an attacker to provide a specially crafted object graph that exhausts the thread's sta...
Uncontrolled Recursion
Overview Affected versions of this package are vulnerable to Uncontrolled Recursion in the core mapping engine when handling deeply nested object graphs. An attacker can cause the application to crash. Remediation Upgrade AutoMapper to version 15.1.3, 16.1.1 or higher. References - GitHub Advisor...
AutoMapper Vulnerable to Denial of Service (DoS) via Uncontrolled Recursion
AutoMapper is vulnerable to a Denial of Service DoS attack. When mapping deeply nested object graphs, the library uses recursive method calls without enforcing a default maximum depth limit. This allows an attacker to provide a specially crafted object graph that exhausts the thread's stack memor...
AutoMapper Vulnerable to Denial of Service (DoS) via Uncontrolled Recursion
AutoMapper is vulnerable to a Denial of Service DoS attack. When mapping deeply nested object graphs, the library uses recursive method calls without enforcing a default maximum depth limit. This allows an attacker to provide a specially crafted object graph that exhausts the thread's stack memor...
EUVD-2025-198374
IBM webMethods Integration 10.11 through 10.11CoreFix22, 10.15 through 10.15CoreFix22, and 11.1 through 11.1CoreFix6 IBM webMethods Integration allow an authenticated user to execute arbitrary code on the system, caused by the deserialization of untrusted object graphs data...
CVE-2025-36072
IBM webMethods Integration (on prem) is affected by CVE-2025-36072 due to deserialization of untrusted object graphs, enabling an authenticated user to execute arbitrary code. Affected versions include 10.11 through IS_10.11_Core_Fix22, 10.15 through IS_10.15_Core_Fix22, and 11.1 through IS_11.1_...
[SECURITY] Fedora 35 Update: xstream-1.4.18-2.fc35
XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for...
[SECURITY] Fedora 34 Update: xstream-1.4.18-2.fc34
XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for...
Denial Of Service (DoS)
MessagePack is vulnerable to denial of service. Untrusted data and deeply nested object graphs can lead to hash collisions and stack overflow that results in an application crash...
[SECURITY] Fedora 24 Update: jenkins-xstream-1.4.7-11.jenkins1.fc24
XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for...
[SECURITY] Fedora 24 Update: xstream-1.4.9-5.fc24
XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for...