2 matches found
PT-2026-49735
Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.12.25 Description The Body Limit Middleware trusts the Content-Length header to determine if a request body is within the allowed limit. In environments such as AWS Lambda including API Gateway v1/v2, ALB, VPC Lattice,...
OpenBao has potential Denial of Service vulnerability when processing malicious unauthenticated JSON requests
Summary JSON objects after decoding might use more memory than their serialized version. It is possible to tune a JSON to maximize the factor between serialized memory usage and deserialized memory usage similar to a zip bomb. While reproducing the issue, we could reach a factor of about 35. This...