6 matches found

NVD
added 2026/06/22 10:16 p.m., 16 views

CVE-2026-48509

MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, the parameterless MessagePackInputFormatter constructor uses default serializer options, which resolve to MessagePackSerializerOptions.Standard with MessagePackSecurity.TrustedData. The formatter is designed for...

CVSS: 9.1, EPSS: 0.00236
Exploits: 0, References: 1

Vulnrichment
added 2026/06/22 9:16 p.m., 5 views

CVE-2026-48509 MessagePack-CSharp: ASP.NET Core MessagePackInputFormatter defaults to TrustedData for HTTP request bodies

MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, the parameterless MessagePackInputFormatter constructor uses default serializer options, which resolve to MessagePackSerializerOptions.Standard with MessagePackSecurity.TrustedData. The formatter is designed for...

CVSS: 6.3, AI score: 5.7, EPSS: 0.00236
Exploits: 0, References: 1

Prion
added 2024/02/22 7:15 p.m., 17 views

Design/Logic Flaw

The mjml PyPI package, found at the FelixSchwarz/mjml-python GitHub repo, is an unofficial Python port of MJML, a markup language created by Mailjet. All users of FelixSchwarz/mjml-python who insert untrusted data into mjml templates unless that data is checked in a very strict manner. User input...

CVSS: 6, AI score: 7, EPSS: 0.00621
Exploits: 1, References: 5

Cvelist
added 2021/01/15 8:5 p.m., 12 views

CVE-2021-21243 Pre-Auth Unsafe Deserialization on KubernetesResource

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, a Kubernetes REST endpoint exposes two methods that deserialize untrusted data from the request body. These endpoints do not enforce any authentication or authorization checks. This issue may lead to pre-auth RCE. This issue...

CVSS: 10, AI score: 9.7, EPSS: 0.54494
Exploits: 0, References: 2

OSV
added 2020/01/31 5:59 p.m., 20 views

GHSA-7Q36-4XX7-XCXF Untrusted data can lead to DoS attack due to hash collisions and stack overflow in MessagePack

Impact: When this library is used to deserialize messagepack data from an untrusted source, there is a risk of a denial of service attack by either of two vectors:
1. hash collisions - leading to large CPU consumption disproportionate to the size of the data being deserialized.
2. stack overflow -...

CVSS: 4.8, AI score: 6.9, EPSS: 0.01578
Exploits: 0, References: 8

Github Security Blog
added 2020/01/31 5:59 p.m., 141 views

Untrusted data can lead to DoS attack due to hash collisions and stack overflow in MessagePack

Impact: When this library is used to deserialize messagepack data from an untrusted source, there is a risk of a denial of service attack by either of two vectors:
1. hash collisions - leading to large CPU consumption disproportionate to the size of the data being deserialized.
2. stack overflow -...

CVSS: 6.8, AI score: 6.3, EPSS: 0.01578
Exploits: 0, References: 8, Affected Software: 5