3 matches found
XML Entity Expansion
Overview Affected versions of this package are vulnerable to XML Entity Expansion via the messagemaxbytesize setting configured in the decoderawsaml function. An attacker can cause resource exhaustion by submitting a specially crafted large SAML response that is validated for Base64 format before...
Uncaught Exception
Overview std/crypto/x509 is a Go standard library package std/crypto/x509 Affected versions of this package are vulnerable to Uncaught Exception. Go Vulnerability Report: Verifying certificate chains containing certificates which are not compliant with RFC 5280 causes Certificate.Verify to panic ...
GHSA-6X33-PW7P-HMPQ Denial of Service in http-proxy
Versions of http-proxy prior to 1.18.1 are vulnerable to Denial of Service. An HTTP request with a long body triggers an ERRHTTPHEADERSSENT unhandled exception that crashes the proxy server. This is only possible when the proxy server sets headers in the proxy request using the proxyReq.setHeader...