GHSA-8MXQ-7XR7-2FXJ LTI JupyterHub Authenticator: Unbounded Memory Growth via Nonce Storage (Denial of Service)
Summary The LTI 1.1 validator stores OAuth nonces in a class-level dictionary that grows without bounds. Nonces are added before signature validation, so an attacker with knowledge of a valid consumer key can send repeated requests with unique nonces to gradually exhaust server memory, causing a...
CVE-2023-22488
Flarum is a forum software for building communities. Using the notifications feature, one can read restricted/private content and bypass access checks that would be in place for such content. The notification-sending component does not check that the subject of the notification can be seen by the...
PT-2023-11622 · Memcached · Memcached
Name of the Vulnerable Software and Affected Versions: Memcached versions 1.6.0 through 1.6.2 Description: The issue allows remote attackers to cause a denial of service, resulting in a daemon crash, via a crafted meta command. Recommendations: For Memcached versions 1.6.0 through 1.6.2, update t...
Unintended Proxy or Intermediary
Overview std/net/http/cgi is a Go standard library package. Affected versions of this package are vulnerable to Unintended Proxy or Intermediary. Go Vulnerability Report: An input validation flaw in the CGI components allows the HTTP_PROXY environment variable to be set by the...
PT-2020-19473 · Hashicorp · Hashicorp Consul
Name of the Vulnerable Software and Affected Versions: HashiCorp Consul and Consul Enterprise versions 1.6.2 and earlier Description: The issue allows unbounded resource usage and is susceptible to unauthenticated denial of service. This affects the HTTP/RPC services of HashiCorp Consul and Consu...