8 matches found
EUVD-2026-20779
Unfurl before 2026.04 contains an unbounded zlib decompression vulnerability in parsecompressed.py that allows remote attackers to cause denial of service. Attackers can submit highly compressed payloads via URL parameters to the /json/visjs endpoint that expand to gigabytes, exhausting server...
Duplicate Advisory: Unfurl's unbounded zlib decompression allows decompression bomb DoS
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-h5qv-qjv4-pc5m. This link is maintained to preserve external references. Original Description Unfurl before 2026.04 contains an unbounded zlib decompression vulnerability in parsecompressed.py that allows remote...
GHSA-C3F2-QG8V-25Q2 Duplicate Advisory: Unfurl's unbounded zlib decompression allows decompression bomb DoS
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-h5qv-qjv4-pc5m. This link is maintained to preserve external references. Original Description Unfurl before 2026.04 contains an unbounded zlib decompression vulnerability in parsecompressed.py that allows remote...
CVE-2026-40036
Unfurl before 2026.04 contains an unbounded zlib decompression vulnerability in parsecompressed.py that allows remote attackers to cause denial of service. Attackers can submit highly compressed payloads via URL parameters to the /json/visjs endpoint that expand to gigabytes, exhausting server...
CVE-2026-40036 Unfurl < 2026.04 - Denial of Service via Unbounded zlib Decompression
Unfurl before 2026.04 contains an unbounded zlib decompression vulnerability in parsecompressed.py that allows remote attackers to cause denial of service. Attackers can submit highly compressed payloads via URL parameters to the /json/visjs endpoint that expand to gigabytes, exhausting server...
CVE-2026-40036 Unfurl < 2026.04 - Denial of Service via Unbounded zlib Decompression
Unfurl before 2026.04 contains an unbounded zlib decompression vulnerability in parsecompressed.py that allows remote attackers to cause denial of service. Attackers can submit highly compressed payloads via URL parameters to the /json/visjs endpoint that expand to gigabytes, exhausting server...
CVE-2026-40036
Unfurl before 2026.04 contains an unbounded zlib decompression vulnerability in parsecompressed.py that allows remote attackers to cause denial of service. Attackers can submit highly compressed payloads via URL parameters to the /json/visjs endpoint that expand to gigabytes, exhausting server...
PT-2026-31471
Name of the Vulnerable Software and Affected Versions Unfurl versions prior to 2026.04 Description Unfurl contains a flaw in the parse compressed.py component due to unbounded zlib decompression. Remote attackers can leverage this to cause a denial of service. Specifically, attackers can send...