75 matches found
Duplicate Advisory: serde-json-wasm stack overflow during recursive JSON parsing
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-rr69-rxr6-8qwf. This link is maintained to preserve external references. Original Description The serde-json-wasm crate before 1.0.1 for Rust allows stack consumption via deeply nested JSON data...
CVE-2024-58264
The serde-json-wasm crate before 1.0.1 for Rust allows stack consumption via deeply nested JSON data...
CVE-2024-58264
The serde-json-wasm crate before 1.0.1 for Rust allows stack consumption via deeply nested JSON data...
CVE-2024-58264
The serde-json-wasm crate before 1.0.1 for Rust allows stack consumption via deeply nested JSON data...
serde-json-wasm crate 安全漏洞
serde-json-wasm crate is a Rust library open-sourced by CosmWasm. A security vulnerability exists in serde-json-wasm crate versions prior to 1.0.1, which stems from deeply nested JSON data that may lead to stack consumption...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the com.powsybl.commons.xml.XmlReader class. An attacker can access sensitive files or internal resources by submitting specially crafted XML input. Note: This is only exploitable if untrusted users...
com.farao-community.farao:csa-runner-api (>=2.1.0 <=2.6.1), com.farao-community.farao:csa-runner-app (>=1.2.1 <=2.6.1) +146 more potentially affected by CVE-2025-47293 via com.powsybl:powsybl-iidm-serde (>=6.1.0-alpha-1 <=6.7.1)
com.powsybl:powsybl-iidm-serde MAVEN version =6.1.0-alpha-1, =2.1.0, =1.2.1, =4.20.0, =4.20.0, =4.31.0 - com.farao-community.farao:farao-distribution =5.0.0 - com.farao-community.farao:farao-flowbased-computation-impl =5.0.0 - com.farao-community.farao:farao-glsk-virtual-hubs =5.0.0 -...
CVE-2019-25001
An issue was discovered in the serdecbor crate before 0.10.2 for Rust. The CBOR deserializer can cause stack consumption via nested semantic tags...
RUSTSEC-2025-0025 rustc-serialize is unmaintained
rustc-serialize will no longer be maintained as declared by the developer. By fuzzing the package, we can identify multiple vulnerabilities. The project has been archived and cannot submit issues. The developer has recommended using the serde crate instead...
rustc-serialize is unmaintained
rustc-serialize will no longer be maintained as declared by the developer. By fuzzing the package, we can identify multiple vulnerabilities. The project has been archived and cannot submit issues. The developer has recommended using the serde crate instead...
PT-2025-19690 · Crates.Io · Rustc-Serialize
rustc-serialize will no longer be maintained as declared by the developer. By fuzzing the package, we can identify multiple vulnerabilities. The project has been archived and cannot submit issues. The developer has recommended using the serde crate instead...
The vulnerability of the serde.py component in the BentoML library allows a hacker to execute arbitrary code on the server.
The vulnerability of the serde.py component in the BentoML library is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code on the server...
MAL-2024-9604 Malicious code in eventstream-serde-config-resolver (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in eventstream-serde-config-resolver (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in eventstream-serde-universal (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-9605 Malicious code in eventstream-serde-universal (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in eventstream-serde-browser (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-9603 Malicious code in eventstream-serde-browser (npm)
--- -= Per source details. Do not edit below this line.=-...
GHSA-CX7H-H87R-JPGR The kstring integration in gix-attributes is unsound
gix-attributes in state::ValueRef unsafely creates a &str from a &u8 containing non-UTF8 data, with the justification that so long as nothing reads the &str and relies on it being UTF-8 in the &str, there is no UB: rust // SAFETY: our API makes accessing that value as str impossible, so illformed...
The kstring integration in gix-attributes is unsound
gix-attributes in state::ValueRef unsafely creates a &str from a &u8 containing non-UTF8 data, with the justification that so long as nothing reads the &str and relies on it being UTF-8 in the &str, there is no UB: rust // SAFETY: our API makes accessing that value as str impossible, so illformed...