5 matches found
@actinc/eslint-config (>=4.10.0 <=4.16.0), @alexgorbatchev/dotfiles (>=0.0.1 <=1.0.1) +298 more potentially affected by unknown CVE via smol-toml (>=1.1.2 <=1.6.0)
smol-toml NPM version =1.1.2, =4.10.0, =0.0.1, =2.8.0, =0.1.0-alpha.0, =0.2.2, =0.32.3, =0.2.2, =1.0.0, =0.1.3, =1.0.30, =0.2.0, =0.0.4, =0.0.4, =0.0.4, =9.0.0-canary.1784 and more Source cves: unknown CVE Source advisory: SNYK:JS-SMOLTOML-15768230...
@actinc/eslint-config (>=4.10.0 <=4.16.0), @alexgorbatchev/dotfiles (>=0.0.1 <=1.0.1) +298 more potentially affected by unknown CVE via smol-toml (>=1.1.2 <=1.6.0)
smol-toml NPM version =1.1.2, =4.10.0, =0.0.1, =2.8.0, =0.1.0-alpha.0, =0.2.2, =0.32.3, =0.2.2, =1.0.0, =0.1.3, =1.0.30, =0.2.0, =0.0.4, =0.0.4, =0.0.4, =9.0.0-canary.1784 and more Source cves: unknown CVE Source advisory: OSV:GHSA-V3RJ-XJV7-4JMQ...
Uncontrolled Recursion
Overview smol-toml is an A small, fast, and correct TOML parser/serializer Affected versions of this package are vulnerable to Uncontrolled Recursion. An attacker can cause the application to crash by submitting TOML documents containing thousands of consecutive commented lines, which triggers...
GHSA-PQHP-25J4-6HQ9 smol-toml has a Denial of Service via malicious TOML document using deeply nested inline tables
Summary An attacker can send a maliciously crafted TOML to cause the parser to crash because of a stack overflow caused by a deeply nested inline structure. A similar problem occurs when attempting to stringify deeply nested objects. The library does not limit the maximum exploration depth while...
PT-2024-40409 · Npm · Smol-Toml
Name of the Vulnerable Software and Affected Versions: smol-toml versions prior to 1.3.1 Description: The issue arises from the library's lack of limitation on the maximum exploration depth while parsing or producing TOML documents, allowing an attacker to cause a stack overflow by sending a...