Lucene search

5 matches found

Github Security Blog
added 2023/12/28 9:16 p.m., 20 views

msgpackr's conversion of property names to strings can trigger infinite recursion

Impact: When decoding user supplied MessagePack messages, users can trigger stuck threads by crafting messages that keep the decoder stuck in a loop. Patches: The fix is available in v1.10.1. Workarounds: Exploits seem to require structured cloning, replacing the 0x70 extension with your own that...

CVSS 6.8, AI score 6.6, EPSS 0.00685
Exploits: 0, References: 4, Affected Software: 1
CVE
added 2023/12/28 3:20 p.m., 48 views

CVE-2023-52079

CVE-2023-52079 concerns msgpackr (NodeJS/JavaScript) before version 1.10.1. When decoding user-supplied MessagePack messages, the decoder can get stuck in a loop, tying up threads. The issue is associated with how certain extensions (e.g., 0x70) may be processed; a mitigation path involves replac...

CVSS 6.8, AI score 6.3, EPSS 0.00685
Exploits: 0, References: 2, Affected Software: 1
Veracode
added 2023/05/26 3:37 a.m., 17 views

Remote Code Execution (RCE)

org.skyscreamer:nevado-jms is vulnerable to Remote Code Execution (RCE). Lack of proper checking of user-supplied messages allows an attacker to upload and execute malicious code on the system via maliciously crafted messages...

CVSS 7.8, AI score 7.9, EPSS 0.00317
Exploits: 1, References: 5, Affected Software: 1
Veracode
added 2017/07/24 4:54 a.m., 16 views

Cross-site Scripting (XSS)

Moodle is vulnerable to cross-site scripting (XSS) attacks. The attacks are possible because message/lib.php does not properly sanitize user-supplied messages...

CVSS 3.5, AI score 5.3, EPSS 0.00998
Exploits: 1, References: 4, Affected Software: 1
Symantec
added 2005/04/12 12:0 a.m., 10 views

Microsoft Windows Kernel CSRSS Local Privilege Escalation Vulnerability

Description: A local privilege-escalation vulnerability affects Microsoft Windows because the kernel fails to properly handle user-supplied messages. A local attacker may leverage this issue to completely compromise the computer. Technologies Affected: Microsoft Windows 2000 Advanced Server Microso...

AI score 0.1
Exploits: 0, References: 1, Affected Software: 3