184 matches found
GHSA-FX7F-RJQJ-52PJ Deserialization of Untrusted Data in Spring AMQP
In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring AMQP Message object, in its toString method, will deserialize a body for a message with content type application/x-java-serialized-object. It is possible to construct a malicious java.util.Dictionary object that can cause 100%...
CVE-2022-29567
The default configuration of a TreeGrid component uses Object::toString as a key on the client-side and server communication in Vaadin 14.8.5 through 14.8.9, 22.0.6 through 22.0.14, 23.0.0.beta2 through 23.0.8 and 23.1.0.alpha1 through 23.1.0.alpha4, resulting in potential information disclosure ...
Vaadin Flow Components Information Disclosure Vulnerability
Vaadin Flow Components is a Maven multi-module project that contains all Vaadin flow components. A security vulnerability exists in Vaadin Flow Components that stems from the default configuration of the TreeGrid component that uses Object::toString as the key for client-server communication in...
Possible information disclosure inside TreeGrid component with default data provider
The default configuration of a TreeGrid component uses Object::toString as a key on the client-side and server communication in Vaadin 14.8.5 through 14.8.9, 22.0.6 through 22.0.14, 23.0.0.beta2 through 23.0.8 and 23.1.0.alpha1 through 23.1.0.alpha4, resulting in potential information disclosure ...
GHSA-5HFP-964W-5VGM Improper Limitation of a Pathname to a Restricted Directory in Jenkins
A path traversal vulnerability exists in the Stapler web framework used by Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/org/kohsuke/stapler/Facet.java, groovy/src/main/java/org/kohsuke/stapler/jelly/groovy/GroovyFacet.java,...
GHSA-773H-W45W-F2F9 Denial of service vulnerability exists in libxmljs
libxmljs provides libxml bindings for v8 javascript engine. This affects all versions of package libxmljs. When invoking the libxmljs.parseXml function with a non-buffer argument the V8 code will attempt invoking the .toString method of the argument. If the argument's toString value is not a...
CVE-2022-21227
A vulnerability was found in sqlite3. The flaw occurs due to a segmentation fault of an invalid toString object. Users experience a fatal error when supplying a specific object in the parameter array due to this issue...
CVE-2022-21227
The package sqlite3 before 5.0.3 is vulnerable to Denial of Service (DoS) which will invoke the toString function of the passed parameter. If passed an invalid Function object it will throw and crash the V8 engine...
DEBIAN-CVE-2022-21227
The package sqlite3 before 5.0.3 is vulnerable to Denial of Service (DoS) which will invoke the toString function of the passed parameter. If passed an invalid Function object it will throw and crash the V8 engine...
UBUNTU-CVE-2022-21227
The package sqlite3 before 5.0.3 is vulnerable to Denial of Service (DoS) which will invoke the toString function of the passed parameter. If passed an invalid Function object it will throw and crash the V8 engine...
CVE-2022-21144
This affects all versions of package libxmljs. When invoking the libxmljs.parseXml function with a non-buffer argument the V8 code will attempt invoking the .toString method of the argument. If the argument's toString value is not a Function object V8 will crash...
GHSA-32J9-6QQM-MQ9G Unhandled case in node-lmdb
The package node-lmdb before 0.9.7 is vulnerable to Denial of Service (DoS) when defining a non-invokable ToString value, which will cause a crash during type check...
CVE-2022-21164
The package node-lmdb before 0.9.7 is vulnerable to Denial of Service (DoS) when defining a non-invokable ToString value, which will cause a crash during type check...
node-lmdb Security Vulnerability
node-lmdb is a node.js binding for LMDB by the individual developer Timur Kristof of Hungary. A security vulnerability exists in node-lmdb that stems from node-lmdb's susceptibility to denial-of-service (DoS) attacks when defining uncallable ToString values. Successful exploitation will result in a...
Denial of Service (DoS)
Overview: posix provides the missing POSIX system calls for Node. Affected versions of this package are vulnerable to Denial of Service (DoS). When invoking the toString method, it will fall back to a 0x0 value, as the value of toString is not invokable (not a function), and then it will crash with type-check. P...
Denial of Service (DoS)
Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) which will invoke the toString function of the passed parameter. If passed an invalid Function object it will throw and crash the V8 engine. PoC js let sqlite3 = require'sqlite3'.verbose; let db = new...
The vulnerability of the toString() method implementation in the Spring AMQP RabbitMQ messaging application allows an attacker to cause a service failure.
The vulnerability of the toString method implementation in the Spring AMQP RabbitMQ messaging application is related to the deserialization of untrusted data during the processing of java.util.Dictionary objects. Exploiting this vulnerability could allow an attacker to cause...
OSV-2021-1678 Heap-buffer-overflow in flatbuffers::EscapeString
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42244 Crash type: Heap-buffer-overflow READ 1 Crash state: flatbuffers::EscapeString flexbuffers::Reference::ToString void flexbuffers::AppendToString...