Lucene search
+L

5 matches found

Github Security Blog
Github Security Blog
added 2026/07/06 9:6 p.m.9 views

Coder: Zip upload decompression lacks aggregate size limit, enabling denial of service

Summary POST /api/v2/files converts zip uploads to tar in memory via CreateTarFromZip, which enforced a per-entry size limit but no aggregate limit on total decompressed output, writing to an unbounded in-memory buffer. Note: Exploitation requires authenticated file-upload access and the impact i...

6.5CVSS6AI score0.00602EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/15 8:38 p.m.10 views

GHSA-8988-4F7V-96QF OpenTelemetry Core: Unbounded memory allocation in W3C Baggage propagation

Overview W3CBaggagePropagator.extract in @opentelemetry/core does not enforce size limits when parsing inbound baggage HTTP headers. The W3C Baggage specification recommends a maximum of 8,192 bytes and 180 entries; these limits were only enforced on the outbound inject path, not on the inbound...

5.3CVSS5.6AI score0.00238EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.11 views

PT-2026-49598

Name of the Vulnerable Software and Affected Versions @opentelemetry/core versions prior to 2.8.0 Description The W3CBaggagePropagator.extract function in @opentelemetry/core fails to enforce size limits when parsing inbound baggage HTTP headers. While the W3C Baggage specification recommends a...

5.3CVSS5.7AI score0.00238EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.4 views

MiracleLinux 3 : autofs-5.0.1-0.rc2.177.0.1.AXS3 (AXSA:2013-77:01)

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2013-77:01 advisory. autofs is a daemon which automatically mounts filesystems when you use them, and unmounts them later when you are not using them. This can include network...

4.9CVSS5.5AI score0.00395EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/03/04 12:0 a.m.14 views

PT-2025-16766

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free vulnerability has been identified in the Linux kernel. The issue occurs while iterating the all mddevs list from md notify reboot and md exit, where list for each entry...

7.8CVSS6.8AI score0.00172EPSS
Exploits0
Rows per page
Query Builder