9 matches found
GHSA-V3RJ-XJV7-4JMQ smol-toml: Denial of Service via TOML documents containing thousands of consecutive commented lines
Summary An attacker can send a maliciously crafted TOML to cause the parser to crash, because of a stack overflow caused by thousands of consecutive commented lines. The library uses recursion internally while parsing to skip over commented lines, which can be exploited to crash an application th...
smol-toml: Denial of Service via TOML documents containing thousands of consecutive commented lines
Summary An attacker can send a maliciously crafted TOML to cause the parser to crash, because of a stack overflow caused by thousands of consecutive commented lines. The library uses recursion internally while parsing to skip over commented lines, which can be exploited to crash an application th...
EUVD-2025-24881
Malicious code in bioql PyPI...
CVE-2025-55195
The CVE-2025-55195 entry concerns @std/toml (Deno Standard Library). The vulnerability arises prior to version 1.0.9 when parsing untrusted TOML data, allowing Prototype Pollution by merging an untrusted object with an empty object whose prototype chain is inherited. This affects environments usi...
Deno Standard Library 安全漏洞
Deno Standard Library std is a Deno Standard Library open source by Deno. A security vulnerability exists in Deno Standard Library versions prior to 1.0.9, which stems from a potential prototype contamination when parsing untrusted TOML data...
PT-2024-40409 · Npm · Smol-Toml
Name of the Vulnerable Software and Affected Versions: smol-toml versions prior to 1.3.1 Description: The issue arises from the library's lack of limitation on the maximum exploration depth while parsing or producing TOML documents, allowing an attacker to cause a stack overflow by sending a...
SUSE CVE-2023-3894
Those using jackson-dataformats-text to parse TOML data may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack...
Input validation
Those using jackson-dataformats-text to parse TOML data may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack...
FasterXML Jackson Buffer Error Vulnerability
FasterXML Jackson is a data manipulation tool for Java from FasterXML USA. A security vulnerability exists in FasterXML Jackson-dataformats-text, which stems from vulnerability to denial-of-service DOS attacks when parsing TOML data...