3 matches found
SUSE CVE-2026-13311
shell-quote prior to 1.8.5 finalizes parsed tokens in parse using Array.prototype.concat as a reduce accumulator, which reallocates and copies the entire growing array on every iteration. As a result parse runs in On^2 time relative to the number of input tokens. An attacker who can supply an...
CVE-2024-39314
toy-blog is a headless content management system implementation. Starting in version 0.4.3 and prior to version 0.5.0, the administrative password was leaked through the command line parameter. The problem was patched in version 0.5.0. As a workaround, pass --read-bearer-token-from-stdin to the...
GHSA-MV77-9G28-CWG3 `CHECK` fail via inputs in `PyFunc`
Impact An input token that is not a UTF-8 bytestring will trigger a CHECK fail in tf.rawops.PyFunc. python import tensorflow as tf value = tf.constantvalue=1,2 token = b'\xb0' dataType = tf.int32 tf.rawops.PyFuncinput=value,token=token,Tout=dataType Patches We have patched the issue in GitHub...