3 matches found
Server-side Request Forgery (SSRF)
Overview @pdfme/common is a TypeScript base PDF generator and React base UI. Open source, developed by the community, and completely free to use under the MIT license! Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the getB64BasePdf function when...
Improper Handling of Highly Compressed Data (Data Amplification)
Overview @pdfme/pdf-lib is a Create and modify PDF files with JavaScript Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification through the ensureBuffer function in the stream decoding. An attacker can exhaust system memory and cause...
PT-2020-2424 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.5.10 Description: A buffer overflow error was discovered in the mt76 add fragment function in the Linux kernel, which can be exploited by sending an oversized packet with too many rx fragments, potentially...