CVE-2020-11016

IntelMQ Manager from version 1.1.0 and before version 2.1.1 has a vulnerability where the backend incorrectly handled messages given by user-input in the "send" functionality of the Inspect-tool of the Monitor component. An attacker with access to the IntelMQ Manager could possibly use this issue...

GHSA-7HPJ-7HHX-2FGX msgpackr's conversion of property names to strings can trigger infinite recursion

Impact When decoding user supplied MessagePack messages, users can trigger stuck threads by crafting messages that keep the decoder stuck in a loop. Patches The fix is available in v1.10.1 Workarounds Exploits seem to require structured cloning, replacing the 0x70 extension with your own that...