Lucene search
K

9 matches found

OSV
OSV
added 2026/03/25 9:3 p.m.3 views

GHSA-V3RJ-XJV7-4JMQ smol-toml: Denial of Service via TOML documents containing thousands of consecutive commented lines

Summary An attacker can send a maliciously crafted TOML to cause the parser to crash, because of a stack overflow caused by thousands of consecutive commented lines. The library uses recursion internally while parsing to skip over commented lines, which can be exploited to crash an application th...

5.3CVSS6.2AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/25 9:3 p.m.7 views

smol-toml: Denial of Service via TOML documents containing thousands of consecutive commented lines

Summary An attacker can send a maliciously crafted TOML to cause the parser to crash, because of a stack overflow caused by thousands of consecutive commented lines. The library uses recursion internally while parsing to skip over commented lines, which can be exploited to crash an application th...

6.1AI score
Exploits0References3Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.12 views

EUVD-2025-24881

Malicious code in bioql PyPI...

7.3CVSS6.5AI score0.00307EPSS
Exploits0References3
CVE
CVE
added 2025/08/14 4:39 p.m.15 views

CVE-2025-55195

The CVE-2025-55195 entry concerns @std/toml (Deno Standard Library). The vulnerability arises prior to version 1.0.9 when parsing untrusted TOML data, allowing Prototype Pollution by merging an untrusted object with an empty object whose prototype chain is inherited. This affects environments usi...

7.3CVSS7AI score0.00307EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/08/14 12:0 a.m.5 views

Deno Standard Library 安全漏洞

Deno Standard Library std is a Deno Standard Library open source by Deno. A security vulnerability exists in Deno Standard Library versions prior to 1.0.9, which stems from a potential prototype contamination when parsing untrusted TOML data...

7.3CVSS6.7AI score0.00307EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/11/22 12:0 a.m.3 views

PT-2024-40409 · Npm · Smol-Toml

Name of the Vulnerable Software and Affected Versions: smol-toml versions prior to 1.3.1 Description: The issue arises from the library's lack of limitation on the maximum exploration depth while parsing or producing TOML documents, allowing an attacker to cause a stack overflow by sending a...

5.3CVSS7.8AI score
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/08/10 1:39 a.m.3 views

SUSE CVE-2023-3894

Those using jackson-dataformats-text to parse TOML data may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack...

5.8CVSS7.5AI score0.00741EPSS
Exploits0References3
Prion
Prion
added 2023/08/08 6:15 p.m.13 views

Input validation

Those using jackson-dataformats-text to parse TOML data may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack...

5CVSS7.3AI score0.00741EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2023/08/08 12:0 a.m.6 views

FasterXML Jackson Buffer Error Vulnerability

FasterXML Jackson is a data manipulation tool for Java from FasterXML USA. A security vulnerability exists in FasterXML Jackson-dataformats-text, which stems from vulnerability to denial-of-service DOS attacks when parsing TOML data...

7.5CVSS6.7AI score0.00741EPSS
Exploits0References4
Rows per page
Query Builder