Lucene search

15 matches found

Vulnrichment
added 2025/12/09 2:7 a.m. · 4 views

CVE-2025-66622 matrix-sdk-base is vulnerable to DoS via custom m.room.join_rules event values

matrix-sdk-base is the base component to build a Matrix client library. Versions 0.14.1 and prior are unable to handle responses that include custom m.room.join_rules values due to a serialization bug. This can be exploited to cause a denial-of-service condition, if a user is invited to a room wit...

CVSS 5.3 · AI score 6.3 · EPSS 0.00056
Exploits 0 · References 4

Github Security Blog
added 2025/12/08 10:7 p.m. · 4 views

matrix-sdk-base denial of service via custom m.room.join_rules event values

The matrix-sdk-base crate is unable to handle responses that include custom m.room.join_rules values due to a serialization bug. This can be exploited to cause a denial-of-service condition, if a user is invited to a room with non-standard join rules, the crate's sync process will stall, preventin...

CVSS 7.5 · AI score 6.7 · EPSS 0.00056
Exploits 0 · References 6 · Affected Software 1

RustSec
added 2025/12/08 12:0 p.m. · 2 views

matrix-sdk-base: Denial of service due to custom `m.room.join_rules` events

The matrix-sdk-base crate is unable to handle responses that include custom m.room.join_rules values due to a serialization bug. This can be exploited to cause a denial-of-service condition, if a user is invited to a room with non-standard join rules, the crate's sync process will stall, preventin...

CVSS 7.5 · AI score 6.8 · EPSS 0.00056
Exploits 0 · Affected Software 1

OSV
added 2025/12/08 12:0 p.m. · 2 views

RUSTSEC-2025-0135 matrix-sdk-base: Denial of service due to custom `m.room.join_rules` events

The matrix-sdk-base crate is unable to handle responses that include custom m.room.join_rules values due to a serialization bug. This can be exploited to cause a denial-of-service condition, if a user is invited to a room with non-standard join rules, the crate's sync process will stall, preventin...

CVSS 7.5 · AI score 6.7 · EPSS 0.00056
Exploits 0 · References 3

Positive Technologies
added 2025/12/08 12:0 a.m. · 3 views

PT-2025-49576

Name of the Vulnerable Software and Affected Versions: matrix-sdk-base versions 0.14.1 and prior. Description: The software is susceptible to a denial-of-service condition. If a user is invited to a room with non-standard join rules, the sync process will stall, preventing further processing for all...

CVSS 5.3 · AI score 6.5 · EPSS 0.00056
Exploits 0 · References 6

CVE
added 2025/08/12 8:52 p.m. · 14 views

CVE-2025-55165

CVE-2025-55165 affects Autocaliweb prior to v0.8.3. The issue arises from the debug pack serialization (to_dict()) not filtering sensitive fields, potentially exposing API keys. Patch released in v0.8.3; mitigation is upgrade to 0.8.3+ or apply vendor workaround if available. Other connected sour...

CVSS 8.2 · AI score 7 · EPSS 0.0002
Exploits 0 · References 3

Positive Technologies
added 2024/11/15 12:0 a.m. · 3 views

PT-2024-10583 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android, affected versions not specified. Description: The issue is related to a read/write serialization problem in the read function of ProcessStats.java, which can lead to a permissions bypass. This could result in local escalation of...

CVSS 7.8 · AI score 7.7 · EPSS 0.00006
Exploits 0 · References 4

Github Security Blog
added 2023/11/20 9:30 a.m. · 47 views

Deserialization of Untrusted Data in apache-submarine

Apache Software Foundation Apache Submarine has a bug when serializing against yaml. The bug is caused by snakeyaml https://nvd.nist.gov/vuln/detail/CVE-2022-1471 . Apache Submarine uses JAXRS to define REST endpoints. In order to handle YAML requests using application/yaml content-type, it defin...

CVSS 9.8 · AI score 6.7 · EPSS 0.00212
Exploits 1 · References 6 · Affected Software 1

OSV
added 2023/02/28 8:15 p.m. · 2 views

DEBIAN-CVE-2023-27372

SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1...

CVSS 9.8 · AI score 8.7 · EPSS 0.9312
Exploits 23 · References 1

GitLab Advisory Database
added 2023/02/28 12:0 a.m. · 22 views

api-platform/core's secured properties may be accessible within collections

API Platform Core is the server component of API Platform: hypermedia and GraphQL APIs. Resource properties secured with the security option of the ApiPlatform\Metadata\ApiProperty attribute can be disclosed to unauthorized users. The problem affects most serialization formats, including raw JSON...

CVSS 7.7 · AI score 6.2 · EPSS 0.002
Exploits 0 · References 7 · Affected Software 1

Positive Technologies
added 2022/08/07 12:0 a.m. · 1 views

PT-2022-37165 · Unknown · Com.Fasterxml.Jackson.Core

Name of the Vulnerable Software and Affected Versions: com.fasterxml.jackson.core, affected versions not specified. Description: The issue is related to a security exception that occurs during the serialization of an ArrayNode. The crash state indicates that the problem arises in the...

AI score 6.9
Exploits 0 · References 2

OSV
added 2022/04/26 6:45 p.m. · 2 views

CVE-2022-24866 Exposure of Sensitive Information to an Unauthorized Actor in Discourse Assign

Discourse Assign is a plugin for assigning users to a topic in Discourse, an open-source messaging platform. Prior to version 1.0.1, the UserBookmarkSerializer serialized the whole User / Group object, which leaked some private information. The data was only being serialized to people who could...

CVSS 4.3 · AI score 6.7 · EPSS 0.00167
Exploits 0 · References 4

Snyk
added 2020/03/24 3:35 p.m. · 0 views

Internal Property Tampering

Overview: bson is a BSON Parser for node and browser. Affected versions of this package are vulnerable to Internal Property Tampering. The package will ignore an unknown value for an object's bsotype, leading to cases where an object is serialized as a document rather than the intended BSON type...

CVSS 9.8 · AI score 6.8 · EPSS 0.00541
Exploits 0 · References 2

ATTACKERKB
added 2020/02/11 12:0 a.m. · 192 views

CVE-2020-0688 - Exchange Control Panel Viewstate Deserialization Bug

A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka ‘Microsoft Exchange Memory Corruption Vulnerability’. Recent assessments: zeroSteiner at February 26, 2020 5:02pm UTC reported: This is a serialization bug...

CVSS 9 · AI score 8.7 · EPSS 0.94389
In wild · Exploits 30 · References 6

OSV
added 2016/12/11 3:0 a.m. · 1 views

ALPINE-CVE-2016-9865

An issue was discovered in phpMyAdmin. Due to a bug in serialized string parsing, it was possible to bypass the protection offered by PMA_safeUnserialize function. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...

CVSS 9.8 · AI score 6.9 · EPSS 0.01202
Exploits 0 · References 1