4257 matches found
PSF-2026-8
The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email foldin...
CVE-2026-1299 email BytesGenerator header injection due to unquoted newlines
The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email foldin...
CVE-2026-1299
The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email foldin...
CVE-2026-1299 email BytesGenerator header injection due to unquoted newlines
The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email foldin...
CVE-2026-1299
CVE-2026-1299 affects Python’s email module, specifically BytesGenerator, where newlines in headers weren’t properly quoted during serialization, enabling header injection when using LiteralHeader. The issue is triggered when headers are serialized with LiteralHeader behavior that ignores folding...
Denial-Of-Service (DoS)
Seroval is vulnerable to a Denial-Of-Service DoS. The vulnerability is due to unbounded recursion during serialization, where objects with extreme nesting depth can exceed the maximum call stack size, causing crashes or service disruption when serializing untrusted input...
SUSE CVE-2026-23956
seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 0.2.0 through 1.4.0, overriding RegExp serialization with extremely large patterns can exhaust JavaScript runtime memory during deserialization. Additionally, overriding RegE...
CPython security vulnerabilities
CPython is a Python interpreter implemented in C language by the Python Foundation. CPython has a security vulnerability that stems from the email module’s improper handling of line breaks during email serialization, which may lead to header injection attacks...
Seroval affected by Denial of Service via Deeply Nested Objects
Serialization of objects with extreme depth can exceed the maximum call stack limit. Mitigation: Seroval introduces a depthLimit parameter in serialization/deserialization methods. An error will be thrown if the depth limit is reached...
GHSA-3J22-8QJ3-26MX Seroval affected by Denial of Service via Deeply Nested Objects
Serialization of objects with extreme depth can exceed the maximum call stack limit. Mitigation: Seroval introduces a depthLimit parameter in serialization/deserialization methods. An error will be thrown if the depth limit is reached...
Allocation of Resources Without Limits or Throttling
Overview seroval is a Stringify JS values Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when serializing objects with very large depth. An attacker can cause resource exhaustion and disrupt service availability by submitting objects with...
Allocation of Resources Without Limits or Throttling
Overview org.webjars.npm:seroval is a Stringify JS values Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when serializing objects with very large depth. An attacker can cause resource exhaustion and disrupt service availability by submitti...
CVE-2026-24006
Seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, serialization of objects with extreme depth can exceed the maximum call stack limit. In version 1.4.1, Seroval introduces a depthLimit parameter in...
CVE-2026-24006
CVE-2026-24006 affects Seroval and describes a Denial of Service risk from serializing deeply nested JS objects. Versions ≤ 1.4.0 permit object depth that can exhaust the call stack; version 1.4.1 adds a depthLimit parameter to serialization/deserialization and will throw an error when the limit ...
CVE-2026-24006 Seroval affected by Denial of Service via Deeply Nested Objects
Seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, serialization of objects with extreme depth can exceed the maximum call stack limit. In version 1.4.1, Seroval introduces a depthLimit parameter in...
CVE-2026-24006 Seroval affected by Denial of Service via Deeply Nested Objects
Seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, serialization of objects with extreme depth can exceed the maximum call stack limit. In version 1.4.1, Seroval introduces a depthLimit parameter in...
CVE-2026-24006
Seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, serialization of objects with extreme depth can exceed the maximum call stack limit. In version 1.4.1, Seroval introduces a depthLimit parameter in...
EUVD-2026-3668
seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, overriding encoded array lengths by replacing them with an excessively large value causes the deserialization process to significantly increase processing...
EUVD-2026-3669
seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, overriding RegExp serialization with extremely large patterns can exhaust JavaScript runtime memory during deserialization. Additionally, overriding RegExp...
CVE-2026-23956
seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 0.2.0 through 1.4.0, overriding RegExp serialization with extremely large patterns can exhaust JavaScript runtime memory during deserialization. Additionally, overriding RegE...