5 matches found
Medium: python-pyasn1
Issue Overview: pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the pyasn1 library is vulnerable to a Denial of Service DoS attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing thousands o...
Server-side Request Forgery (SSRF)
Overview langsmith is a Client library to connect to the LangSmith Observability and Evaluation Platform. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF due to the improper validation of apiurl and apikey fields in baggage headers in RunTree.fromheaders and...
Arbitrary Command Injection
Overview figma-developer-mcp is a Give your coding agent access to your Figma data. Implement designs in any framework in one-shot. Affected versions of this package are vulnerable to Arbitrary Command Injection via the childprocess.exec call using unvalidated user input directly within...
PT-2024-24184 · Rizin · Rizin
Name of the Vulnerable Software and Affected Versions: rizin versions prior to 0.6.3 Description: The issue is related to a buffer overflow that can occur via the create cache bins, read cache accel, and rz dyldcache new buf functions in librz/bin/format/mach0/dyldcache.c. This can potentially le...
PT-2023-21225 · Maddy · Maddy
Name of the Vulnerable Software and Affected Versions: maddy versions 0.2.0 through 0.6.2 Description: The issue allows for a full authentication bypass if a SASL authorization username is specified when using the PLAIN authentication mechanisms. Instead of validating the specified username, it i...