2 matches found
Allocation of Resources Without Limits or Throttling
Overview qs is a querystring parser that supports nesting and arrays, with a depth limit. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the parseArrayValue function when the comma option is in use. An attacker can exhaust system memor...
Infinite loop
Overview limesurvey/limesurvey is a FOSS online survey tool on the web. Affected versions of this package are vulnerable to Infinite loop via the /optin endpoint, which causes infinite HTTP redirects when accessed directly. An attacker can exhaust server or client resources by repeatedly triggeri...