10 matches found
EUVD-2024-50814
Malicious code in bioql PyPI...
CVE-2024-12379
CVE-2024-12379 is a denial-of-service issue in GitLab CE/EE where an attacker can cause unbounded symbol creation via the scopes parameter in a Personal Access Token, impacting availability. Affected versions run from 14.1 up to 17.6.5, 17.7 up to 17.7.4, and 17.8 up to 17.8.2. The root cause is ...
CVE-2024-12379 Allocation of Resources Without Limits or Throttling in GitLab
A denial of service vulnerability in GitLab CE/EE affecting all versions from 14.1 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to impact the availability of GitLab via unbounded symbol creation via the scopes parameter in a Personal Access Token...
CVE-2024-12379
Removed by vendor...
GitLab 安全漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab that stems from unrestricted symbol...
rubygem-activerecord: attribute_dos Symbol DoS vulnerability
A flaw was found in the way Ruby on Rails handled hashes in certain queries. A remote attacker could use this flaw to perform a denial of service resource consumption attack by sending specially crafted queries that would result in the creation of Ruby symbols, which were never garbage collected...
Foreman: hosts_controller.rb power/ipmi_boot Symbol creation DoS
The 1 power and 2 ipmiboot actions in the HostController in Foreman before 1.2.2 allow remote attackers to cause a denial of service memory consumption via unspecified input that is converted to a symbol...
Foreman: hosts_controller.rb power/ipmi_boot Symbol creation DoS
The 1 power and 2 ipmiboot actions in the HostController in Foreman before 1.2.2 allow remote attackers to cause a denial of service memory consumption via unspecified input that is converted to a symbol...
rubygem-json: Denial of Service and SQL Injection
The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service resource consumption or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...
DEBIAN-CVE-2013-0269
The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service resource consumption or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...