3 matches found
setThreshold can bypass cool down period in setGSCAllowance
Lines of code Vulnerability details Impact setThreshold can bypass the cool down period in setGSCAllowance and decrease the gscAllowancetoken. Proof of Concept In setGSCAllowance, we add a cool-down period of 7 days for the admin to set a new allowance to gscAllowancetoken either increase or...
treasury approveSmallSpending, approveMediumSpend and approveLargeSpend and setThreshold and setGSCAllowance can be frontrunned
Lines of code Vulnerability details Line of code: Impact treasury approveSmallSpending, approveMediumSpend and approveLargeSpend can be frontrunned Proof of Concept the AracheTreasury, there are three spending relate function: approveSmallSpend, approveMediumSpend, approveLargeSpend both of these...
Regular Expression Denial Of Service (ReDoS)
org.apache.tika:tika is vulnerable to regular expression denial of service ReDoS attacks. An attacker is able to cause denial of service conditions to the users who are running the StandardsExtractingContentHandler component, due to an insecure regular expression usage in setThreshold function by...