Lucene search
+L

68 matches found

OSV
OSV
added 2026/03/20 4:47 a.m.3 views

CVE-2026-33013 Micronaut vulnerable to DoS via crafted form-urlencoded body binding with descending array indices

Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. Versions prior to both 4.10.16 and 3.10.5 do not correctly handle descending array index order during form-urlencoded body binding in...

8.2CVSS5.8AI score0.00595EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.10 views

PT-2026-26302

Name of the Vulnerable Software and Affected Versions Salvo versions prior to 0.89.3 Description Salvo, a Rust web framework, is susceptible to denial of service due to unbounded memory allocation during form data parsing. The form data method and Extractible macro do not enforce payload size...

8.7CVSS5.8AI score0.00437EPSS
Exploits1References9
RedHat Linux
RedHat Linux
added 2026/03/18 1:17 p.m.6 views

undertow: OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded

A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParseStreamSourceChannel method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows...

7.5CVSS5.8AI score0.01256EPSS
Exploits0References4
Snyk
Snyk
added 2026/03/17 4:59 p.m.3 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the JsonBeanPropertyBinder::expandArrayToThreshold function of the form-urlencoded body binding process. An attacker can cause sustained CPU usage and unbounded memory growth,...

8.7CVSS5.8AI score0.00595EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/17 12:0 a.m.6 views

PT-2026-26180

In JsonBeanPropertyBinder::expandArrayToThreshold in io.micronaut:micronaut-json-core before Micronaut 4 4.10.16 and in Micronaut 3 before 3.10.5 does not correctly handle descending array index order during form-urlencoded body binding, which allows remote attackers to cause a denial of service...

8.2CVSS5.9AI score0.00595EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2026/01/08 4:57 p.m.5 views

undertow: OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded

A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParseStreamSourceChannel method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows...

7.5CVSS5.8AI score0.01256EPSS
Exploits0References4
NVD
NVD
added 2025/12/03 7:15 p.m.6 views

CVE-2024-3884

A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParseStreamSourceChannel method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows...

7.5CVSS0.01256EPSS
Exploits0References14
OSV
OSV
added 2025/12/03 7:15 p.m.2 views

DEBIAN-CVE-2024-3884

A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParseStreamSourceChannel method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows...

7.5CVSS7.6AI score0.01256EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2025/12/03 6:40 p.m.7 views

CVE-2024-3884

A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParseStreamSourceChannel method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows...

7.5CVSS7.6AI score0.01256EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2025/11/18 2:42 p.m.8 views

rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion

A memory-exhaustion vulnerability exists in Rack when parsing application/x-www-form-urlencoded request bodies. Rack::RequestPOST reads the entire request body into memory without enforcing a maximum length or cap. Attackers can exploit this by sending large form submissions, potentially causing...

7.5CVSS6.4AI score0.00605EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2025/11/06 2:27 a.m.6 views

rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion

A memory-exhaustion vulnerability exists in Rack when parsing application/x-www-form-urlencoded request bodies. Rack::RequestPOST reads the entire request body into memory without enforcing a maximum length or cap. Attackers can exploit this by sending large form submissions, potentially causing...

7.5CVSS6.4AI score0.00605EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2025/11/06 2:27 a.m.7 views

rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion

A memory-exhaustion vulnerability exists in Rack when parsing application/x-www-form-urlencoded request bodies. Rack::RequestPOST reads the entire request body into memory without enforcing a maximum length or cap. Attackers can exploit this by sending large form submissions, potentially causing...

7.5CVSS6.4AI score0.00605EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2025/11/05 11:49 p.m.4 views

rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion

A memory-exhaustion vulnerability exists in Rack when parsing application/x-www-form-urlencoded request bodies. Rack::RequestPOST reads the entire request body into memory without enforcing a maximum length or cap. Attackers can exploit this by sending large form submissions, potentially causing...

7.5CVSS6.4AI score0.00605EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2025/11/04 11:37 p.m.3 views

rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion

A memory-exhaustion vulnerability exists in Rack when parsing application/x-www-form-urlencoded request bodies. Rack::RequestPOST reads the entire request body into memory without enforcing a maximum length or cap. Attackers can exploit this by sending large form submissions, potentially causing...

7.5CVSS6.4AI score0.00605EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2025/11/04 8:2 p.m.3 views

rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion

A memory-exhaustion vulnerability exists in Rack when parsing application/x-www-form-urlencoded request bodies. Rack::RequestPOST reads the entire request body into memory without enforcing a maximum length or cap. Attackers can exploit this by sending large form submissions, potentially causing...

7.5CVSS6.4AI score0.00605EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2025/11/04 11:19 a.m.8 views

rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion

A memory-exhaustion vulnerability exists in Rack when parsing application/x-www-form-urlencoded request bodies. Rack::RequestPOST reads the entire request body into memory without enforcing a maximum length or cap. Attackers can exploit this by sending large form submissions, potentially causing...

7.5CVSS6.4AI score0.00605EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2025/11/03 8:27 p.m.2 views

rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion

A memory-exhaustion vulnerability exists in Rack when parsing application/x-www-form-urlencoded request bodies. Rack::RequestPOST reads the entire request body into memory without enforcing a maximum length or cap. Attackers can exploit this by sending large form submissions, potentially causing...

7.5CVSS6.4AI score0.00605EPSS
Exploits0References8
RubySec
RubySec
added 2025/10/10 12:0 a.m.10 views

Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing

Summary Rack::RequestPOST reads the entire request body into memory for Content-Type: application/x-www-form-urlencoded, calling rack.input.readnil without enforcing a length or cap. Large request bodies can therefore be buffered completely into process memory before parsing, leading to denial of...

7.5CVSS6.5AI score0.00605EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/05/29 7:18 a.m.24 views

BIT-FLUENT-BIT-2024-23722

In Fluent Bit 2.1.8 through 2.2.1, a NULL pointer dereference can be caused via an invalid HTTP payload with the content type of x-www-form-urlencoded. It crashes and does not restart. This could result in logs not being delivered properly...

7.5CVSS7.4AI score0.00944EPSS
Exploits2References3
Microsoft CVE
Microsoft CVE
added 2024/04/01 7:0 a.m.4 views

In Fluent Bit 2.1.8 through 2.2.1 a NULL pointer dereference can be caused via an invalid HTTP payload with the content type of x-www-form-urlencoded. It crashes and does not restart. This could result in logs not being delivered properly.

...

7.5CVSS7AI score0.00944EPSS
Exploits2
Rows per page
Query Builder