7 matches found
CVE-2026-10725
Protocol::HTTP2 for Perl (versions up to 1.12) is vulnerable to an HTTP/2 Bomb. The inbound HPACK path lacks a header-list size limit; headers_decode materialises a full key+value copy per indexed reference with no running size check, and stream_header_block_add appends every CONTINUATION frame u...
CVE-2024-37169
CVE-2024-37169 affects the self-hosted tool @jmondi/url-to-png. Versions before 2.0.3 are vulnerable to arbitrary file read when an attacker leverages Playwright’s screenshot feature to abuse the file wrapper. The issue is mitigated in version 2.0.3, which enforces input URLs to be http/https. Th...
CVE-2024-37169 @jmondi/url-to-png arbitrary file read via Playwright's screenshot feature exploiting file wrapper
@jmondi/url-to-png is a self-hosted URL to PNG utility. Versions prior to 2.0.3 are vulnerable to arbitrary file read if a threat actor uses Playwright's screenshot feature to exploit the file wrapper. Version 2.0.3 mitigates this issue by requiring input URLs to be of protocol http or https. ...
MAL-2022-5490 Malicious code in protocol-http (npm)
Source: ghsa-malware 1ac7cf1b107d0a039df68b6a90b2dde45d4bad6b65d71ffdd45ab063a1b6c40d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...