Lucene search
K

5 matches found

CVE
CVE
added 2026/06/09 11:46 p.m.80 views

CVE-2026-40988

CVE-2026-40988 refers to an issue in the use of the REDIRECT binding for SAML 2.0 Login/Logout with the Spring Security SAML2 Service Provider, where an unbounded writer can inflate the compressed SAML payload in memory, causing a denial of service. The vulnerability affects Spring Security versi...

7.5CVSS5.5AI score0.00331EPSS
Exploits0References1Affected Software1
Spring Security Advisories
Spring Security Advisories
added 2026/06/09 12:0 a.m.6 views

CVE-2026-40988: Unbounded DEFLATE Inflation in SAML 2.0 Service Provider

An application using spring-security-saml2-service-provider and the REDIRECT binding for SAML 2.0 Login or Logout may be vulnerable to a denial of service by way of an unbounded writer that inflates the compressed SAML payload into memory...

7.5CVSS5.2AI score0.00331EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/02/03 11:58 p.m.4 views

GHSA-6P9P-Q6WH-9J89 apko affected by unbounded resource consumption in expandapk.Split on attacker-controlled .apk streams

expandapk.Split drains the first gzip stream of an APK archive via io.Copyio.Discard, gzi without explicit bounds. With an attacker-controlled input stream, this can force large gzip inflation work and lead to resource exhaustion availability impact. The Split function reads the first tar header,...

5.5CVSS5.4AI score0.00106EPSS
Exploits0References4
Snyk
Snyk
added 2026/02/03 11:58 p.m.3 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Split function. An attacker can cause excessive CPU consumption and resource exhaustion by supplying a malicious APK stream that triggers unbounded gzip inflation. Remediation...

7.1CVSS5.5AI score0.00106EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.11 views

PT-2026-6384

expandapk.Split drains the first gzip stream of an APK archive via io.Copyio.Discard, gzi without explicit bounds. With an attacker-controlled input stream, this can force large gzip inflation work and lead to resource exhaustion availability impact. The Split function reads the first tar header,...

5.5CVSS5.4AI score0.00106EPSS
Exploits0References5
Rows per page
Query Builder