2 matches found
Improper Control of Dynamically-Managed Code Resources
Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Improper Control of Dynamically-Managed Code Resources due to the unsafe usage of the .call with globalPromise.prototype.then callback function. An...
DEBIAN-CVE-2025-61919
Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, Rack::RequestPOST reads the entire request body into memory for Content-Type: application/x-www-form-urlencoded, calling rack.input.readnil without enforcing a length or cap. Large request bodies can therefo...