184 matches found

OSV · added 2021/12/01 12:00 a.m.

GHSA-945Q-CH46-PCHG Deserialization of Untrusted Data in Spring AMQP

In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message...

CVSS 6.5 · AI score 5.9 · EPSS 0.01037
Exploits: 0 · References: 3
Github Security Blog · added 2021/12/01 12:00 a.m.

Deserialization of Untrusted Data in Spring AMQP

In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message...

CVSS 6.5 · AI score 4 · EPSS 0.01019
Exploits: 0 · References: 4 · Affected Software: 1
NVD · added 2021/11/30 7:15 p.m.

CVE-2021-22095

In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message...

CVSS 6.5 · EPSS 0.01019
Exploits: 0 · References: 1
OSV · added 2021/11/30 7:15 p.m.

UBUNTU-CVE-2021-22095

In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message...

CVSS 6.5 · AI score 6.6 · EPSS 0.01037
Exploits: 0 · References: 3
Cvelist · added 2021/11/30 6:41 p.m.

CVE-2021-22095

In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message...

AI score 6.6 · EPSS 0.01019
Exploits: 0 · References: 1
CNNVD · added 2021/11/30 12:00 a.m.

Spring AMQP Code Issue Vulnerability

Spring AMQP is the application of core Spring concepts to the development of AMQP-based messaging solutions. A security vulnerability exists in Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, which stems from the Spring AMQP Message object in its toString method, which will create a new...

CVSS 6.5 · AI score 6.4 · EPSS 0.01019
Exploits: 0 · References: 2
CNNVD · added 2021/10/28 12:00 a.m.

Spring AMQP Code Issue Vulnerability

Spring AMQP is the application of core Spring concepts to the development of AMQP-based messaging solutions. Spring AMQP suffers from a security vulnerability that stems from a Spring AMQP Message object that will deserialize a message body with content type application/x-java-serialized-object i...

CVSS 6.8 · AI score 6.4 · EPSS 0.01037
Exploits: 0 · References: 2
OSV · added 2021/09/10 5:54 p.m.

GHSA-QVM7-23CJ-437V Remote Code Execution in Apache Dubbo

Some component in Dubbo will try to print the formatted string of the input arguments, which will possibly cause RCE for a maliciously customized bean with a special toString method. In the latest version, we fix the toString call in timeout, cache and some other places. Fixed in Apache Dubbo 2.7.13...

CVSS 9.8 · AI score 5.8 · EPSS 0.02388
Exploits: 0 · References: 3
OSV · added 2021/09/09 8:15 a.m.

CVE-2021-36161

Some component in Dubbo will try to print the formatted string of the input arguments, which will possibly cause RCE for a maliciously customized bean with a special toString method. In the latest version, we fix the toString call in timeout, cache and some other places. Fixed in Apache Dubbo 2.7.13...

CVSS 9.8 · AI score 9.4
Exploits: 0 · References: 1
CNNVD · added 2021/09/09 12:00 a.m.

Apache Dubbo Format String Error Vulnerability

Apache Dubbo is a lightweight Java-based RPC (remote procedure call) framework from the Apache Foundation. It provides interface-based remote calling, fault tolerance and load balancing, and automatic service registration and discovery. A code injection vulnerability exists in Apache Dubbo, which...

CVSS 9.8 · AI score 5.8 · EPSS 0.02388
Exploits: 0 · References: 3
Veracode · added 2019/05/21 5:47 a.m.

Cross-site Scripting (XSS)

express-validator is vulnerable to cross-site scripting (XSS). The vulnerability exists as it was possible to bypass the sanitize function as the toString function does not sanitize arrays...

AI score 6.2
Exploits: 0
Veracode · added 2019/05/02 4:44 a.m.

Arbitrary Code Execution

Oracle Java SE is vulnerable to arbitrary code execution attacks. Remote unauthenticated attackers could execute arbitrary code via unspecified vectors involving reflection, Libraries, "improper toString calls," and the JDBC driver manager...

CVSS 10 · AI score 9.5 · EPSS 0.86963
Exploits: 10 · References: 25 · Affected Software: 2
Positive Technologies · added 2019/03/10 12:00 a.m.

PT-2019-1920 · Twig +2

Name of the Vulnerable Software and Affected Versions: Twig versions prior to 1.38.0; Twig versions 2.x prior to 2.7.0. Description: A sandbox information disclosure issue exists because, under some circumstances, it is possible to call the toString method on an object even if not allowed by the...

CVSS 9.8 · AI score 6.2 · EPSS 0.08276
Exploits: 3 · References: 28
OSV · added 2018/12/18 10:29 p.m.

UBUNTU-CVE-2018-19789

An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9, and 4.2.x before 4.2.1. When using the scalar type hint string in a setter method (e.g. setName(string $name)) of a class that's the dataclass of a form, and when a...

CVSS 5.3 · AI score 7.2 · EPSS 0.03589
Exploits: 0 · References: 3
Veracode · added 2018/07/12 5:46 a.m.

Regular Expression Denial Of Service (ReDoS)

jasmine-core is vulnerable to a Regular Expression Denial of Service (ReDoS) attack. The regular expression ^\sfunction\s\w\s\ is used to obtain the function name from the JS toString output of a function, which can result in a matching time of approximately 10 seconds for data that is 64K...

AI score 6.5
Exploits: 0
ATTACKERKB · added 2017/01/18 5:59 p.m.

CVE-2016-7564

Heap-based buffer overflow in the Fp_toString function in jsfunction.c in Artifex Software MuJS allows attackers to cause a denial of service (crash) via crafted input...

CVSS 7.5 · AI score 5.8 · EPSS 0.01688
Exploits: 1 · References: 4
OSV · added 2017/01/04 8:59 p.m.

UBUNTU-CVE-2016-9138

PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data, as demonstrated by Exception::__toString with DateInterval::__wakeup...

CVSS 9.8 · AI score 7.2 · EPSS 0.03832
Exploits: 0 · References: 5
OSV · added 2016/10/29 1:59 a.m.

CVE-2016-7504

A use-after-free vulnerability was observed in the Rp_toString function of Artifex Software, Inc. MuJS before 5c337af4b3df80cf967e4f9f6a21522de84b392a. A successful exploitation of this issue can lead to code execution or a denial of service condition...

CVSS 9.8 · AI score 6.2
Exploits: 0 · References: 2
ATTACKERKB · added 2016/10/29 1:59 a.m.

CVE-2016-7504

A use-after-free vulnerability was observed in the Rp_toString function of Artifex Software, Inc. MuJS before 5c337af4b3df80cf967e4f9f6a21522de84b392a. A successful exploitation of this issue can lead to code execution or a denial of service condition...

CVSS 9.8 · AI score 6.1 · EPSS 0.02843
Exploits: 1 · References: 3
OSV · added 2016/09/11 9:59 p.m.

CVE-2016-3897

The WifiEnterpriseConfig class in net/wifi/WifiEnterpriseConfig.java in Wi-Fi in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 includes a password in the return value of a toString method call, which allows attackers to obtain sensitive information vi...

CVSS 5.5 · AI score 7.3 · EPSS 0.00605
Exploits: 0 · References: 5