5 matches found
GHSA-M6XR-FVFG-5G64 Dasel: Denial of service in dasel selector lexer due to infinite loop on unterminated regex literal
Summary: dasel's selector lexer enters a non-terminating loop when tokenizing an unterminated regex pattern such as r/abc. A 2-byte input r/ is sufficient to cause the tokenizer to consume 100% CPU on one core indefinitely. I confirmed the issue on v3.3.1 fba653c7f248aff10f2b89fca93929b64707dfc8 a...
json-lib: Mishandling of an unbalanced comment string in json-lib
A flaw was found in JSON-lib's JSONTokener component. This vulnerability allows a denial of service via an unbalanced comment string...
Users are charged twice the FDT tokens when tokenizing their convictions
Handle: shw. Vulnerability details. Impact: Users have to pay twice the FSD tokens when tokenizing their convictions if the locked variable is non-zero. Proof of Concept: The first payment is made in the function tokenizeConviction of the contract ERC20ConvictionScore line 282, where a user transfer...
Mozilla Firefox ESR < 45.5 Multiple Vulnerabilities
Binary data 9805.prm...
[RIPS] A static source code analyser for vulnerabilities in PHP scripts
RIPS is a tool written in PHP to find vulnerabilities in PHP applications using static code analysis. By tokenizing and parsing all source code files, RIPS is able to transform PHP source code into a program model and to detect sensitive sinks (potentially vulnerable functions) that can be tainted b...