Lucene search
K

189 matches found

Snyk
Snyk
added 2022/02/14 12:43 p.m.33 views

Denial of Service (DoS)

Overview posix is a missing POSIX system calls for Node. Affected versions of this package are vulnerable to Denial of Service DoS. When invoking the toString method, it will fallback to 0x0 value, as the value of toString is not invokable not a function, and then it will crash with type-check. P...

7.5CVSS6.8AI score0.00966EPSS
Exploits1References2
Snyk
Snyk
added 2022/01/31 3:4 p.m.5 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS which will invoke the toString function of the passed parameter. If passed an invalid Function object it will throw and crash the V8 engine. PoC js let sqlite3 = require'sqlite3'.verbose; let db = new...

7.5CVSS7AI score0.01955EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2021/12/17 12:0 a.m.6 views

The vulnerability of the toString() method implementation in the Spring AMQP RabbitMQ messaging application allows a attacker to cause a service failure.

The vulnerability of the toString method implementation in the Spring AMQP RabbitMQ messaging application is related to the restoration of unreliable data in memory during the processing of Dictionary objects from the java.util class. Exploiting this vulnerability could allow an attacker to cause...

6.5CVSS6.5AI score0.01019EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2021/12/13 12:1 a.m.13 views

OSV-2021-1678 Heap-buffer-overflow in flatbuffers::EscapeString

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42244 Crash type: Heap-buffer-overflow READ 1 Crash state: flatbuffers::EscapeString flexbuffers::Reference::ToString void flexbuffers::AppendToString...

7.2AI score
Exploits0References1
OSV
OSV
added 2021/12/01 12:0 a.m.4 views

GHSA-945Q-CH46-PCHG Deserialization of Untrusted Data in Spring AMQP

In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message...

6.5CVSS5.9AI score0.01037EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2021/12/01 12:0 a.m.27 views

Deserialization of Untrusted Data in Spring AMQP

In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message...

6.5CVSS4AI score0.01019EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2021/11/30 7:15 p.m.47 views

CVE-2021-22095

In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message...

6.5CVSS0.01019EPSS
Exploits0References1
OSV
OSV
added 2021/11/30 7:15 p.m.46 views

UBUNTU-CVE-2021-22095

In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message...

6.5CVSS6.6AI score0.01037EPSS
Exploits0References3
Cvelist
Cvelist
added 2021/11/30 6:41 p.m.48 views

CVE-2021-22095

In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message...

6.6AI score0.01019EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/11/30 12:0 a.m.8 views

Spring AMQP 代码问题漏洞

Spring AMQP is the application of core Spring concepts to the development of AMQP-based messaging solutions. A security vulnerability exists in Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, which stems from the Spring AMQP Message object in its toString method, which will create a new...

6.5CVSS6.4AI score0.01019EPSS
Exploits0References2
Spring Security Advisories
Spring Security Advisories
added 2021/11/29 12:0 a.m.5 views

Spring-AMQP Remote Denial of Service - Out of Memory Error with a Large Message Body

The Spring AMQP Message object, in its toString method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message body...

6.5CVSS6.6AI score0.01019EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/10/28 12:0 a.m.5 views

Spring AMQP 代码问题漏洞

Spring AMQP is the application of core Spring concepts to the development of AMQP-based messaging solutions. Spring AMQP suffers from a security vulnerability that stems from a Spring AMQP Message object that will deserialize a message body with content type application x-java-serialized-object i...

6.8CVSS6.4AI score0.01037EPSS
Exploits0References2
OSV
OSV
added 2021/09/10 5:54 p.m.20 views

GHSA-QVM7-23CJ-437V Remote Code Execution in Apache Dubbo

Some component in Dubbo will try to print the formated string of the input arguments, which will possibly cause RCE for a maliciously customized bean with special toString method. In the latest version, we fix the toString call in timeout, cache and some other places. Fixed in Apache Dubbo 2.7.13...

9.8CVSS5.8AI score0.02467EPSS
Exploits0References3
OSV
OSV
added 2021/09/09 8:15 a.m.14 views

CVE-2021-36161

Some component in Dubbo will try to print the formated string of the input arguments, which will possibly cause RCE for a maliciously customized bean with special toString method. In the latest version, we fix the toString call in timeout, cache and some other places. Fixed in Apache Dubbo 2.7.13...

9.8CVSS9.4AI score
Exploits0References1
CNNVD
CNNVD
added 2021/09/09 12:0 a.m.16 views

Apache Dubbo 格式化字符串错误漏洞

Apache Dubbo is a lightweight Java-based RPC remote procedure call framework from the Apache Foundation. It provides interface-based remote calling, fault tolerance and load balancing, and automatic service registration and discovery.A code injection vulnerability exists in Apache Dubbo, which...

9.8CVSS5.8AI score0.02467EPSS
Exploits0References3
Veracode
Veracode
added 2019/05/21 5:47 a.m.15 views

Cross-site Scripting (XSS)

express-validator is vulnerable to cross-site scripting XSS. The vulnerability exists as it was possible to bypass the sanitize function as the toString function does not sanitize arrays...

6.2AI score
Exploits0
Veracode
Veracode
added 2019/05/02 4:44 a.m.38 views

Arbitrary Code Execution

Oracle Java SE is vulnerable to arbitrary code execution attacks. Remote unauthenticated attackers could execute arbitrary code via unspecified vectors involving reflection, Libraries, "improper toString calls," and the JDBC driver manager...

10CVSS9.5AI score0.87227EPSS
Exploits10References25Affected Software2
Positive Technologies
Positive Technologies
added 2019/03/10 12:0 a.m.11 views

PT-2019-1920 · Twig +2 · Twig +2

Name of the Vulnerable Software and Affected Versions: Twig versions prior to 1.38.0 Twig versions 2.x prior to 2.7.0 Description: A sandbox information disclosure issue exists because, under some circumstances, it is possible to call the toString method on an object even if not allowed by the...

9.8CVSS6.2AI score0.08209EPSS
Exploits3References28
OSV
OSV
added 2018/12/18 10:29 p.m.12 views

UBUNTU-CVE-2018-19789

An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9, and 4.2.x before 4.2.1. When using the scalar type hint string in a setter method e.g. setNamestring $name of a class that's the dataclass of a form, and when a...

5.3CVSS7.2AI score0.03589EPSS
Exploits0References3
Veracode
Veracode
added 2018/07/12 5:46 a.m.14 views

Regular Expression Denial Of Service (ReDoS)

jasmine-core is vulnerable to a Regular Expression Denial of Service ReDoS attack. The regular expression ^\sfunction\s\w\s\ is used to obtain the function name from the JS toString output of a function, which can result in a matching time of approximately 10 seconds for data that is 64K...

6.5AI score
Exploits0
Rows per page
Query Builder