60 matches found
CVE-2026-45822
A flaw was found in the decode-uri-component library. This vulnerability allows a remote attacker to trigger a Denial of Service DoS by submitting specially crafted input. The decode function, when processing a large number of encoded URI components, consumes excessive CPU resources, which can le...
EUVD-2026-40267
decode-uri-component through 0.4.1 is vulnerable to denial of service. The decode function splits input on '%' producing N tokens and calls decodeComponents, exhibiting super-linear parsing time: 200 '%ab' tokens takes approximately 0.7s, 700 tokens approximately 6s, and 1400 tokens approximately...
CVE-2026-45822
decode-uri-component through 0.4.1 is vulnerable to denial of service. The decode function splits input on '%' producing N tokens and calls decodeComponents, exhibiting super-linear parsing time: 200 '%ab' tokens takes approximately 0.7s, 700 tokens approximately 6s, and 1400 tokens approximately...
CVE-2026-45822
decode-uri-component through 0.4.1 is vulnerable to denial of service. The decode function splits input on '%' producing N tokens and calls decodeComponents, exhibiting super-linear parsing time: 200 '%ab' tokens takes approximately 0.7s, 700 tokens approximately 6s, and 1400 tokens approximately...
ROOT-APP-NPM-CVE-2022-38900 CVE-2022-38900 in @rootio/decode-uri-component - Patched by Root
Root has patched CVE-2022-38900 in the @rootio/decode-uri-component package for Root:npm. Multiple fixed versions available...
MiracleLinux 9 : pcs-0.11.6-3.el9.ML.1 (AXSA:2023-6977:13)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6977:13 advisory. decode-uri-component: improper input validation resulting in DoS CVE-2022-38900 Tenable has extracted the preceding description block directly from the...
Atlassian Confluence < 8.5.18 / 8.6.x < 9.2.1 / 9.3.x < 9.3.1 / 9.4.x < 9.5.4 / 10.0.x < 10.0.2 / 10.1.0 (CONFSERVER-101486)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-101486 advisory. - decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS. CVE-2022-38900 Note that Nessus has not tested for this...
EUVD-2022-7447
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-38900
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS. CVE-2022-38900 Note that Nessus relies on the presence of the package as...
CVE-2024-1594
A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the artifactlocation parameter when creating an experiment. Attackers can exploit this vulnerability by using a fragment component in the artifact location URI to read arbitrary files on the...
EulerOS 2.0 SP8 : wget (EulerOS-SA-2025-1130)
According to the versions of the wget package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data...
Security Bulletin: IBM Cognos Analytics Mobile (Android) is affected by multiple vulnerabilities
Summary There are vulnerabilities in Open Source Software OSS libraries consumed by IBM Cognos Analytics Mobile. These issues have been addressed by upgrading or removing the vulnerable libraries. Additionally, vulnerabilites related to CORS misconfiguration and Certificate Pinning have been...
DoS (Denial of Service) decode-uri-component Dependency in Confluence Data Center
This High severity decode-uri-component Dependency vulnerability was introduced in version 7.0.1 of Confluence Data Center. This decode-uri-component Dependency vulnerability, with a CVSS Score of 7.5, allows an unauthenticated attacker to expose assets in your environment susceptible to...
ROS-20240826-09
The vulnerability in the Time library of the Ruby interpreter is related to the use of regular expression c inefficient computational complexity. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service Vulnerability in the URI component of the Ruby...
ROS-20240826-12
Vulnerability of Ruby programming language components rfc2396parser.rb and rfc3986parser.rb is related to incorrect implementation of processing invalid URLs. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service Vulnerability in the URI component of th...
Security Bulletin: Vulnerability in nodejs decode-uri-component affect Cloud Pak System[CVE-2022-38900]
Summary Vulnerability in nodejs decode-uri-component affect Cloud Pak SystemCVE-2022-38900. Cloud Pak System has addressed this vulnerability. Vulnerability Details CVEID:CVE-2022-38900 DESCRIPTION: decode-uri-component is vulnerable to a denial of service, caused by improper input validation by...
RHEL 6 : decode-uri-component (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - decode-uri-component: improper input validation resulting in DoS CVE-2022-38900 Note that Nessus has not tested for...
Rocky Linux 9 : ruby:3.1 (RLSA-2024:1576)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:1576 advisory. - The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that...
AlmaLinux 9 : ruby:3.1 (ALSA-2024:1576)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:1576 advisory. ruby/cgi-gem: HTTP response splitting in CGI CVE-2021-33621 ruby: ReDoS vulnerability in URI CVE-2023-28755 ruby: ReDoS vulnerability - upstream's...
RHEL 9 : ruby:3.1 (RHSA-2024:1576)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1576 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...