14 matches found
EUVD-2026-30712
A vulnerability was determined in vercel ai up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the component provider-utils. This manipulation causes resource consumption. The...
GHSA-866G-F22W-33X8 @ai-sdk/provider-utils has an Uncontrolled Resource Consumption issue
A vulnerability was determined in Vercel AI up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the component provider-utils. This manipulation causes resource consumption. The...
EUVD-2026-30714
A vulnerability has been found in vercel ai up to 3.0.97. Impacted is the function run of the file .github/workflows/prettier-on-automerge.yml of the component PR Branch Name Interpolation. The manipulation leads to os command injection. The attack can be initiated remotely. The complexity of an...
CVE-2026-8768
A vulnerability was found in vercel ai up to 3.0.97. The affected element is the function validateDownloadUrl of the file packages/provider-utils/src/download-blob.ts of the component provider-utils. The manipulation results in server-side request forgery. The attack can be launched remotely. The...
CVE-2026-8767
A vulnerability has been found in vercel ai up to 3.0.97. Impacted is the function run of the file .github/workflows/prettier-on-automerge.yml of the component PR Branch Name Interpolation. The manipulation leads to os command injection. The attack can be initiated remotely. The complexity of an...
CVE-2026-8769 vercel ai provider-utils response-handler.ts createJsonErrorResponseHandler resource consumption
A vulnerability was determined in vercel ai up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the component provider-utils. This manipulation causes resource consumption. The...
CVE-2026-8768
A vulnerability was found in vercel ai up to 3.0.97. The affected element is the function validateDownloadUrl of the file packages/provider-utils/src/download-blob.ts of the component provider-utils. The manipulation results in server-side request forgery. The attack can be launched remotely. The...
Vercel AI SDK 资源管理错误漏洞
Vercel AI SDK is a JavaScript SDK provided by Vercel that supports the integration of large language models, streaming responses, and AI application development. Vercel AI SDK versions 3.0.97 and earlier contain a resource management vulnerability. This vulnerability stems from the functions...
PT-2026-41588
Name of the Vulnerable Software and Affected Versions vercel ai versions prior to 3.0.98 Description A resource consumption issue exists in the provider-utils component. The flaw is located within the createJsonResponseHandler and createJsonErrorResponseHandler functions in the...
CVE-2026-1396
The Magic Conversation For Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'magic-conversation' shortcode in all versions up to, and including, 3.0.97 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2026-1396
The Magic Conversation For Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'magic-conversation' shortcode in all versions up to, and including, 3.0.97 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2026-1396 Magic Conversation For Gravity Forms <= 3.0.97 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The Magic Conversation For Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'magic-conversation' shortcode in all versions up to, and including, 3.0.97 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2026-1396
The CVE-2026-1396 entry affects the WordPress plugin Magic Conversation For Gravity Forms. It reports a Stored Cross-Site Scripting vulnerability in the magic-conversation shortcode, caused by insufficient input sanitization and output escaping on user-supplied attributes. Affected versions are a...
CVE-2026-1396 Magic Conversation For Gravity Forms <= 3.0.97 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The Magic Conversation For Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'magic-conversation' shortcode in all versions up to, and including, 3.0.97 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...