Lucene search
K

18 matches found

Github Security Blog
Github Security Blog
added 2026/05/12 3:6 p.m.17 views

protobuf.js: Code injection through bytes field defaults in generated toObject code

Summary protobufjs generated JavaScript for toObject conversion could include an unsafe expression derived from a schema-controlled bytes field default value. A crafted descriptor with a non-string default value for a bytes field could cause attacker-controlled code to be emitted into the generat...

8.8CVSS6.1AI score0.00381EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.13 views

PT-2026-40539

Name of the Vulnerable Software and Affected Versions protobufjs versions prior to 7.5.6 protobufjs versions prior to 8.0.2 Description JavaScript generated for toObject conversion may include an unsafe expression derived from a schema-controlled bytes field default value. A crafted descriptor...

9CVSS6.1AI score0.00381EPSS
Exploits0References20
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-1210

Malicious code in bioql PyPI...

7.2CVSS7.1AI score0.02026EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-7224

Malicious code in bioql PyPI...

9CVSS8.8AI score0.02865EPSS
Exploits2References14
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2025-27407

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - graphql-ruby is a Ruby implementation of GraphQL. Starting in version 1.11.5 and prior to versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21,...

9CVSS7.6AI score0.02865EPSS
Exploits2References3
NVD
NVD
added 2025/03/12 7:15 p.m.28 views

CVE-2025-27407

graphql-ruby is a Ruby implementation of GraphQL. Starting in version 1.11.5 and prior to versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21, loading a malicious schema definition in GraphQL::Schema.fromintrospection or GraphQL::Schema::Loader.load can result in remote code...

9CVSS0.02865EPSS
Exploits2References11
OSV
OSV
added 2025/03/12 7:15 p.m.4 views

DEBIAN-CVE-2025-27407

graphql-ruby is a Ruby implementation of GraphQL. Starting in version 1.11.5 and prior to versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21, loading a malicious schema definition in GraphQL::Schema.fromintrospection or GraphQL::Schema::Loader.load can result in remote code...

9CVSS9.1AI score0.02865EPSS
Exploits2References1
OSV
OSV
added 2025/03/12 7:15 p.m.3 views

UBUNTU-CVE-2025-27407

graphql-ruby is a Ruby implementation of GraphQL. Starting in version 1.11.5 and prior to versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21, loading a malicious schema definition in GraphQL::Schema.fromintrospection or GraphQL::Schema::Loader.load can result in remote code...

9CVSS6.1AI score0.02865EPSS
Exploits2References12
Amazon
Amazon
added 2024/01/09 12:0 a.m.5 views

Medium: python-ldap

Issue Overview: python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service ReDoS flaw in the LDAP schema parser. By sending crafted regex input, a remote authenticated attacker could...

6.5CVSS6.8AI score0.01713EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2022/06/29 7:0 a.m.7 views

python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions because of a regular expression denial of service (ReDoS) flaw in the LDAP schema parser. By sending crafted regex input a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.

...

6.5CVSS6.5AI score0.01713EPSS
Exploits0
OSV
OSV
added 2022/06/19 12:0 a.m.18 views

GHSA-QFR5-WJPW-Q4C4 Denial of Service in python-ldap

python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service ReDoS flaw in the LDAP schema parser. By sending crafted regex input, a remote authenticated attacker could exploit this...

6.5CVSS6AI score0.01713EPSS
Exploits0References4
OSV
OSV
added 2022/06/18 4:15 p.m.7 views

AZL-9960 CVE-2021-46823 affecting package python-ldap for versions less than 3.4.0-1

python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service ReDoS flaw in the LDAP schema parser. By sending crafted regex input, a remote authenticated attacker could exploit this...

6.5CVSS6.7AI score0.01713EPSS
Exploits0References1
OSV
OSV
added 2022/06/18 4:15 p.m.3 views

DEBIAN-CVE-2021-46823

python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service ReDoS flaw in the LDAP schema parser. By sending crafted regex input, a remote authenticated attacker could exploit this...

6.5CVSS6.3AI score0.01713EPSS
Exploits0References1
OSV
OSV
added 2022/06/18 4:15 p.m.2 views

UBUNTU-CVE-2021-46823

python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service ReDoS flaw in the LDAP schema parser. By sending crafted regex input, a remote authenticated attacker could exploit this...

6.5CVSS6.6AI score0.01713EPSS
Exploits0References5
OSV
OSV
added 2022/02/10 8:18 p.m.4 views

GHSA-VM64-CFQX-3698 Code Injection in jsen

This affects all versions of package jsen. If an attacker can control the schema file, it could run arbitrary JavaScript code on the victim machine. In the module description and README file there is no mention about the risks of untrusted schema files, so it is assumed that this is applicable. I...

7.2CVSS7.2AI score0.02026EPSS
Exploits1References3
NVD
NVD
added 2020/11/23 4:15 p.m.21 views

CVE-2020-7777

This affects all versions of package jsen. If an attacker can control the schema file, it could run arbitrary JavaScript code on the victim machine. In the module description and README file there is no mention about the risks of untrusted schema files, so I assume that this is applicable. In...

7.2CVSS7AI score0.02026EPSS
Exploits1References2
Cvelist
Cvelist
added 2020/11/23 3:40 p.m.33 views

CVE-2020-7777 Arbitrary Code Execution

This affects all versions of package jsen. If an attacker can control the schema file, it could run arbitrary JavaScript code on the victim machine. In the module description and README file there is no mention about the risks of untrusted schema files, so I assume that this is applicable. In...

7.2CVSS7AI score0.02026EPSS
Exploits1References2
Snyk
Snyk
added 2020/10/01 1:5 p.m.5 views

Arbitrary Code Execution

Overview jsen is a JSON-Schema validator built for speed Affected versions of this package are vulnerable to Arbitrary Code Execution. If an attacker can control the schema file, it could run arbitrary JavaScript code on the victim machine. In the module description and README file there is no...

7.2CVSS7.1AI score0.02026EPSS
Exploits1References2
Rows per page
Query Builder