Lucene search
K

369 matches found

NVD
NVD
added 2026/04/13 10:16 p.m.5 views

CVE-2026-33947

jq is a command-line JSON processor. In versions 1.8.1 and below, functions jvsetpath, jvgetpath, and delpathssorted in jq's src/jvaux.c use unbounded recursion whose depth is controlled by the length of a caller-supplied path array, with no depth limit enforced. An attacker can supply a JSON...

6.2CVSS0.00234EPSS
Exploits1References3
OSV
OSV
added 2026/04/13 10:16 p.m.5 views

DEBIAN-CVE-2026-33947

jq is a command-line JSON processor. In versions 1.8.1 and below, functions jvsetpath, jvgetpath, and delpathssorted in jq's src/jvaux.c use unbounded recursion whose depth is controlled by the length of a caller-supplied path array, with no depth limit enforced. An attacker can supply a JSON...

5.5CVSS5.6AI score0.00234EPSS
Exploits1References1
NVD
NVD
added 2026/04/13 10:16 p.m.12 views

CVE-2026-33908

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, Magick frees the memory of the XML tree via the DestroyXMLTree function; however, this process is executed recursively with no depth limit imposed. When...

7.5CVSS0.0051EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2026/04/13 10:16 p.m.6 views

CVE-2026-33908

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, Magick frees the memory of the XML tree via the DestroyXMLTree function; however, this process is executed recursively with no depth limit imposed. When...

7.5CVSS5.7AI score0.0051EPSS
Exploits0References7
OSV
OSV
added 2026/04/13 10:16 p.m.12 views

UBUNTU-CVE-2026-33947

jq is a command-line JSON processor. In versions 1.8.1 and below, functions jvsetpath, jvgetpath, and delpathssorted in jq's src/jvaux.c use unbounded recursion whose depth is controlled by the length of a caller-supplied path array, with no depth limit enforced. An attacker can supply a JSON...

6.2CVSS5.9AI score0.00234EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/04/13 9:50 p.m.11 views

CVE-2026-33947 jq: Unbounded Recursion in jv_setpath(), jv_getpath() and delpaths_sorted()

jq is a command-line JSON processor. In versions 1.8.1 and below, functions jvsetpath, jvgetpath, and delpathssorted in jq's src/jvaux.c use unbounded recursion whose depth is controlled by the length of a caller-supplied path array, with no depth limit enforced. An attacker can supply a JSON...

6.2CVSS5.9AI score0.00234EPSS
Exploits1References2
CVE
CVE
added 2026/04/13 9:50 p.m.36 views

CVE-2026-33947

Vulnerability summary (CVE-2026-33947) : In jq ≤ 1.8.1, functions jv_setpath(), jv_getpath(), and delpaths_sorted() in src/jv_aux.c perform unbounded recursion whose depth is driven by a caller-supplied path array. A crafted JSON input (flat array ~65,000 integers, ~200 KB) used as a path argumen...

6.2CVSS5.9AI score0.00234EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/04/13 9:50 p.m.23 views

CVE-2026-33947 jq: Unbounded Recursion in jv_setpath(), jv_getpath() and delpaths_sorted()

jq is a command-line JSON processor. In versions 1.8.1 and below, functions jvsetpath, jvgetpath, and delpathssorted in jq's src/jvaux.c use unbounded recursion whose depth is controlled by the length of a caller-supplied path array, with no depth limit enforced. An attacker can supply a JSON...

6.2CVSS0.00234EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.6 views

PT-2026-32541

Name of the Vulnerable Software and Affected Versions jq versions 1.8.1 and earlier Description A command-line JSON processor is subject to a denial of service. The functions jv setpath, jv getpath, and delpaths sorted in src/jv aux.c use unbounded recursion where the depth is controlled by the...

6.3CVSS5.2AI score0.00256EPSS
Exploits2References62
RedhatCVE
RedhatCVE
added 2026/04/09 1:23 a.m.7 views

CVE-2026-39376

FastFeedParser is a high performance RSS, Atom and RDF parser. Prior to 0.5.10, when parse fetches a URL that returns an HTML page containing a tag, it recursively calls itself with the redirect URL — with no depth limit, no visited-URL deduplication, and no redirect count cap. An...

7.5CVSS5.9AI score0.00328EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/04/08 12:12 a.m.11 views

FastFeedParser has an infinite redirect loop DoS via meta-refresh chain

Summary When parse fetches a URL that returns an HTML page containing a tag, it recursively calls itself with the redirect URL — with no depth limit, no visited-URL deduplication, and no redirect count cap. An attacker-controlled server that returns an infinite chain of HTML meta-refresh response...

7.5CVSS5.9AI score0.00328EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/04/08 12:12 a.m.7 views

GHSA-4GX2-PC4F-WQ37 FastFeedParser has an infinite redirect loop DoS via meta-refresh chain

Summary When parse fetches a URL that returns an HTML page containing a tag, it recursively calls itself with the redirect URL — with no depth limit, no visited-URL deduplication, and no redirect count cap. An attacker-controlled server that returns an infinite chain of HTML meta-refresh response...

7.5CVSS5.8AI score0.00328EPSS
Exploits1References4
NVD
NVD
added 2026/04/07 8:16 p.m.6 views

CVE-2026-39376

FastFeedParser is a high performance RSS, Atom and RDF parser. Prior to 0.5.10, when parse fetches a URL that returns an HTML page containing a tag, it recursively calls itself with the redirect URL — with no depth limit, no visited-URL deduplication, and no redirect count cap. An...

7.5CVSS0.00328EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/07 7:46 p.m.4 views

CVE-2026-39376

FastFeedParser is a high performance RSS, Atom and RDF parser. Prior to 0.5.10, when parse fetches a URL that returns an HTML page containing a tag, it recursively calls itself with the redirect URL — with no depth limit, no visited-URL deduplication, and no redirect count cap. An...

7.5CVSS5.9AI score0.00328EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/04/06 5:35 p.m.4 views

MGASA-2026-0087 Updated python-pyasn1 packages fix security vulnerability

pyasn1 Vulnerable to Denial of Service via Unbounded Recursion. CVE-2026-30922...

7.5CVSS6.8AI score0.0058EPSS
Exploits1References5
Mageia
Mageia
added 2026/04/06 5:35 p.m.6 views

Updated python-pyasn1 packages fix security vulnerability

pyasn1 Vulnerable to Denial of Service via Unbounded Recursion. CVE-2026-30922...

7.5CVSS6.8AI score0.0058EPSS
Exploits1References4
NVD
NVD
added 2026/04/06 4:16 p.m.7 views

CVE-2026-34211

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, the @nyariv/sandboxjs parser contains unbounded recursion in the restOfExp function and the lispify/lispifyExpr call chain. An attacker can crash any Node.js process that parses untrusted input by supplying deeply nested expressions...

7.5CVSS0.00395EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/06 3:10 p.m.4 views

CVE-2026-34211 SandboxJS: Stack overflow DoS via deeply nested expressions in recursive descent parser

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, the @nyariv/sandboxjs parser contains unbounded recursion in the restOfExp function and the lispify/lispifyExpr call chain. An attacker can crash any Node.js process that parses untrusted input by supplying deeply nested expressions...

6.9CVSS5.9AI score0.00395EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/04/03 9:45 p.m.6 views

SandboxJS: Stack overflow DoS via deeply nested expressions in recursive descent parser

Summary The @nyariv/sandboxjs parser contains unbounded recursion in the restOfExp function and the lispify/lispifyExpr call chain. An attacker can crash any Node.js process that parses untrusted input by supplying deeply nested expressions e.g., 2000 nested parentheses, causing a RangeError:...

7.5CVSS6.1AI score0.00395EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/04/03 9:45 p.m.4 views

GHSA-8PFC-JJGW-6G26 SandboxJS: Stack overflow DoS via deeply nested expressions in recursive descent parser

Summary The @nyariv/sandboxjs parser contains unbounded recursion in the restOfExp function and the lispify/lispifyExpr call chain. An attacker can crash any Node.js process that parses untrusted input by supplying deeply nested expressions e.g., 2000 nested parentheses, causing a RangeError:...

6.9CVSS6.1AI score0.00395EPSS
Exploits1References3
Rows per page
Query Builder