189 matches found
Denial of Service (DoS)
Overview posix is a missing POSIX system calls for Node. Affected versions of this package are vulnerable to Denial of Service DoS. When invoking the toString method, it will fallback to 0x0 value, as the value of toString is not invokable not a function, and then it will crash with type-check. P...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS which will invoke the toString function of the passed parameter. If passed an invalid Function object it will throw and crash the V8 engine. PoC js let sqlite3 = require'sqlite3'.verbose; let db = new...
The vulnerability of the toString() method implementation in the Spring AMQP RabbitMQ messaging application allows a attacker to cause a service failure.
The vulnerability of the toString method implementation in the Spring AMQP RabbitMQ messaging application is related to the restoration of unreliable data in memory during the processing of Dictionary objects from the java.util class. Exploiting this vulnerability could allow an attacker to cause...
OSV-2021-1678 Heap-buffer-overflow in flatbuffers::EscapeString
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42244 Crash type: Heap-buffer-overflow READ 1 Crash state: flatbuffers::EscapeString flexbuffers::Reference::ToString void flexbuffers::AppendToString...
GHSA-945Q-CH46-PCHG Deserialization of Untrusted Data in Spring AMQP
In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message...
Deserialization of Untrusted Data in Spring AMQP
In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message...
CVE-2021-22095
In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message...
UBUNTU-CVE-2021-22095
In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message...
CVE-2021-22095
In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message...
Spring AMQP 代码问题漏洞
Spring AMQP is the application of core Spring concepts to the development of AMQP-based messaging solutions. A security vulnerability exists in Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, which stems from the Spring AMQP Message object in its toString method, which will create a new...
Spring-AMQP Remote Denial of Service - Out of Memory Error with a Large Message Body
The Spring AMQP Message object, in its toString method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message body...
Spring AMQP 代码问题漏洞
Spring AMQP is the application of core Spring concepts to the development of AMQP-based messaging solutions. Spring AMQP suffers from a security vulnerability that stems from a Spring AMQP Message object that will deserialize a message body with content type application x-java-serialized-object i...
GHSA-QVM7-23CJ-437V Remote Code Execution in Apache Dubbo
Some component in Dubbo will try to print the formated string of the input arguments, which will possibly cause RCE for a maliciously customized bean with special toString method. In the latest version, we fix the toString call in timeout, cache and some other places. Fixed in Apache Dubbo 2.7.13...
CVE-2021-36161
Some component in Dubbo will try to print the formated string of the input arguments, which will possibly cause RCE for a maliciously customized bean with special toString method. In the latest version, we fix the toString call in timeout, cache and some other places. Fixed in Apache Dubbo 2.7.13...
Apache Dubbo 格式化字符串错误漏洞
Apache Dubbo is a lightweight Java-based RPC remote procedure call framework from the Apache Foundation. It provides interface-based remote calling, fault tolerance and load balancing, and automatic service registration and discovery.A code injection vulnerability exists in Apache Dubbo, which...
Cross-site Scripting (XSS)
express-validator is vulnerable to cross-site scripting XSS. The vulnerability exists as it was possible to bypass the sanitize function as the toString function does not sanitize arrays...
Arbitrary Code Execution
Oracle Java SE is vulnerable to arbitrary code execution attacks. Remote unauthenticated attackers could execute arbitrary code via unspecified vectors involving reflection, Libraries, "improper toString calls," and the JDBC driver manager...
PT-2019-1920 · Twig +2 · Twig +2
Name of the Vulnerable Software and Affected Versions: Twig versions prior to 1.38.0 Twig versions 2.x prior to 2.7.0 Description: A sandbox information disclosure issue exists because, under some circumstances, it is possible to call the toString method on an object even if not allowed by the...
UBUNTU-CVE-2018-19789
An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9, and 4.2.x before 4.2.1. When using the scalar type hint string in a setter method e.g. setNamestring $name of a class that's the dataclass of a form, and when a...
Regular Expression Denial Of Service (ReDoS)
jasmine-core is vulnerable to a Regular Expression Denial of Service ReDoS attack. The regular expression ^\sfunction\s\w\s\ is used to obtain the function name from the JS toString output of a function, which can result in a matching time of approximately 10 seconds for data that is 64K...