Lucene search

203 matches found

NVD
added 2021/11/03 8:15 p.m., 15 views

CVE-2021-22960

The parse function in llhttp 2.1.4 and 6.0.6 ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions...

CVSS: 6.5, EPSS: 0.02299
Exploits: 1, References: 3
OSV
added 2021/11/03 8:15 p.m., 37 views

CVE-2021-22960

The parse function in llhttp 2.1.4 and 6.0.6 ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions...

CVSS: 6.5, AI score: 1.4
Exploits: 0, References: 3
UbuntuCve
added 2021/11/03 8:15 p.m., 31 views

CVE-2021-22960

The parse function in llhttp 2.1.4 and 6.0.6 ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions...

CVSS: 6.5, AI score: 6.8, EPSS: 0.02299
Exploits: 1, References: 2
Prion
added 2021/11/03 8:15 p.m., 26 views

Design/Logic Flaw

The parse function in llhttp 2.1.4 and 6.0.6 ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions...

CVSS: 5.8, AI score: 6.8, EPSS: 0.02299
Exploits: 1, References: 3, Affected Software: 3
Cvelist
added 2021/11/03 7:22 p.m., 26 views

CVE-2021-22960

The parse function in llhttp 2.1.4 and 6.0.6 ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions...

AI score: 7.4, EPSS: 0.02299
Exploits: 1, References: 3
Debian CVE
added 2021/11/03 7:22 p.m., 26 views

CVE-2021-22960

The parse function in llhttp 2.1.4 and 6.0.6 ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions...

CVSS: 6.5, AI score: 7.4, EPSS: 0.02299
Exploits: 1
AlpineLinux
added 2021/11/03 7:22 p.m., 40 views

CVE-2021-22960

The parse function in llhttp 2.1.4 and 6.0.6 ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions...

CVSS: 6.5, AI score: 7.6, EPSS: 0.02299
Exploits: 1
CNNVD
added 2021/09/20 12:0 a.m., 3 views

Swftools code issue vulnerability

SWFTools is a suite of open source software tools for creating and manipulating SWF files. A null pointer dereference vulnerability exists in the codeparse function in SWFTools code.c. An attacker could exploit this vulnerability to cause a denial of service...

CVSS: 5.5, AI score: 5.7, EPSS: 0.00639
Exploits: 1, References: 2
OSV
added 2021/09/01 6:31 p.m., 12 views

GHSA-G452-6RFC-VRVX Prototype Pollution in open-graph

This affects the package open-graph before 0.2.6. The function parse could be tricked into adding or modifying properties of Object.prototype using a __proto__ or constructor payload...

CVSS: 5.3, AI score: 9.4, EPSS: 0.01113
Exploits: 1, References: 4
Positive Technologies
added 2021/08/08 12:0 a.m., 4 views

PT-2021-15507 · Unknown · Open-Graph

Name of the Vulnerable Software and Affected Versions: open-graph versions prior to 0.2.6. Description: The issue affects the parse function, which can be tricked into adding or modifying properties of Object.prototype using a __proto__ or constructor payload. This could potentially lead to unintended...

CVSS: 9.8, AI score: 9.4, EPSS: 0.01113
Exploits: 1, References: 8
Github Security Blog
added 2021/07/02 6:37 p.m., 76 views

XML2Dict XML Entity Expansion Vulnerability

XXE vulnerability in 'XML2Dict' version 0.2.2 allows an attacker to cause a denial of service. The parse function does not properly restrict recursive entity references...

CVSS: 7.5, AI score: 7, EPSS: 0.01172
Exploits: 1, References: 6, Affected Software: 1
Github Security Blog
added 2021/05/06 5:29 p.m., 41 views

Prototype Pollution in templ8

All versions of package templ8 up to and including 0.0.44 are vulnerable to Prototype Pollution via the parse function...

CVSS: 9.8, AI score: 9, EPSS: 0.01933
Exploits: 1, References: 3, Affected Software: 1
Veracode
added 2021/03/31 2:55 a.m., 10 views

Remote Code Execution (RCE)

@thi.ng/egf is vulnerable to remote code execution. The vulnerability exists due to EGF parse function attempting to decrypt values...

CVSS: 8.8, AI score: 5.5, EPSS: 0.01339
Exploits: 0, References: 5, Affected Software: 1
RedHat Linux
added 2020/12/15 3:6 p.m., 4 views

kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow

A flaw was found in the HDLC_PPP module of the Linux kernel. Memory corruption and a read overflow are caused by improper input validation in the ppp_cp_parse_cr function, which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data...

CVSS: 7.5, AI score: 7.1, EPSS: 0.03252
Exploits: 0, References: 5
NVD
added 2020/08/17 2:15 p.m., 16 views

CVE-2020-7702

All versions of package templ8 are vulnerable to Prototype Pollution via the parse function...

CVSS: 9.8, AI score: 9.6, EPSS: 0.01933
Exploits: 1, References: 1
Snyk
added 2020/08/17 9:37 a.m., 4 views

Prototype Pollution

Overview: Templ8 is a JavaScript Client/Server Template Engine. Affected versions of this package are vulnerable to Prototype Pollution via the parse function. POC: const Templ8 = require('Templ8'); var tpl = new Templ8('proto.polluted=true'); tpl.parse(); console.log(polluted) //true Details: Prototype...

CVSS: 9.8, AI score: 9, EPSS: 0.01933
Exploits: 1, References: 2
Positive Technologies
added 2020/08/17 12:0 a.m., 3 views

PT-2020-19725 · Npm · Templ8

Name of the Vulnerable Software and Affected Versions: templ8 versions prior to 0.0.45. Description: The issue concerns Prototype Pollution via the parse function. This affects all versions of the templ8 package up to and including 0.0.44. Recommendations: For versions prior to 0.0.45, update to...

CVSS: 9.8, AI score: 9.4, EPSS: 0.01933
Exploits: 1, References: 3
BDU FSTEC
added 2020/06/26 12:0 a.m., 4 views

The vulnerability of the parse function in the .ini parsing library .ini-parser, a package manager in NPM, allows a hacker to execute arbitrary code.

The vulnerability of the parse function in the .ini parsing library “ini-parser” from the NPM package is due to an uncontrolled resource consumption. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

CVSS: 4.4, AI score: 8.1, EPSS: 0.00864
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2020/06/10 8:27 p.m., 2 views

GHSA-96R7-MRQF-JHCC Prototype Pollution in ini-parser

All versions of ini-parser are vulnerable to prototype pollution. The parse function does not restrict the modification of an Object's prototype, which may allow an attacker to add or modify an existing property that will exist on all objects. Recommendation: No fix is currently available. Conside...

CVSS: 9.8, AI score: 5.9, EPSS: 0.00864
Exploits: 0, References: 4
Github Security Blog
added 2020/06/10 8:27 p.m., 37 views

Prototype Pollution in ini-parser

All versions of ini-parser are vulnerable to prototype pollution. The parse function does not restrict the modification of an Object's prototype, which may allow an attacker to add or modify an existing property that will exist on all objects. Recommendation: No fix is currently available. Conside...

CVSS: 9.8, AI score: 5.6, EPSS: 0.00864
Exploits: 0, References: 5, Affected Software: 1