Lucene search
+L

4 matches found

NVD
NVD
added 2026/06/12 10:16 a.m.12 views

CVE-2026-50645

There is no restriction on the amount of attachment headers that a message can contain when being deserialized by Apache CXF, which can lead to uncontrolled resource consumption or a denial of service attack. Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fix this issue by...

7.5CVSS0.0046EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/17 3:5 p.m.8 views

Allocation of Resources Without Limits or Throttling

Overview socket.io-parser is a socket.io protocol parser Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the Decoder class, which accepts an unlimited number of binary attachments. An attacker can exploit this to exhaust server memory...

8.7CVSS5.8AI score0.00514EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/16 10:48 p.m.1 views

Allocation of Resources Without Limits or Throttling

Overview codeberg.org/forgejo/forgejo/services/context is a self-hosted lightweight software forge Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in api.go and context.go, which accept attachments of unlimited size, and allocate unlimited...

6.9CVSS5.8AI score0.00471EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2020/05/18 10:24 a.m.4 views

cxf: does not restrict the number of message attachments

Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message attachments present in a given message. This leaves open the possibility of a denial of service type attack, where a malicious user crafts a message containing a very large number of message attachments. From the 3.3.4 and...

6.5CVSS7.3AI score0.06257EPSS
Exploits0References4
Rows per page
Query Builder