22 matches found
GuardDog 安全漏洞
GuardDog is a CLI tool from GuardDog Open Source that allows identifying malicious PyPI packages. A security vulnerability exists in GuardDog versions prior to 2.7.1, which stems from the safeextract function not validating the unzipped file size, which could lead to a denial-of-service attack vi...
EUVD-2017-15218
Malware in sbrugna...
EUVD-2025-7112
Malicious code in bioql PyPI...
CVE-2025-58057
CVE-2025-58057 is a Netty vulnerability where, in affected releases of netty-codec-compression (≤ 4.1.124.Final) and netty-codec (≤ 4.2.4.Final), specially crafted input can cause BrotliDecoder and related decoders to allocate a large number of reachable byte buffers, leading to denial of service...
CVE-2025-46730 Mobile Security Framework (MobSF) Allows Web Server Resource Exhaustion via ZIP of Death Attack
MobSF is a mobile application security testing tool used. Typically, MobSF is deployed on centralized internal or cloud-based servers that also host other security tools and web applications. Access to the MobSF web interface is often granted to internal security teams, audit teams, and external...
Gradio Vulnerable to Denial of Service (DoS) via Crafted Zip Bomb
A vulnerability in the dataframe component of gradio-app/gradio version git 98cbcae allows for a zip bomb attack. The component uses pd.readcsv to process input values, which can accept compressed files. An attacker can exploit this by uploading a maliciously crafted zip bomb, leading to a server...
GHSA-7XMC-VHJP-QV5Q Gradio Vulnerable to Denial of Service (DoS) via Crafted Zip Bomb
A vulnerability in the dataframe component of gradio-app/gradio version git 98cbcae allows for a zip bomb attack. The component uses pd.readcsv to process input values, which can accept compressed files. An attacker can exploit this by uploading a maliciously crafted zip bomb, leading to a server...
CVE-2024-10569
A vulnerability in the dataframe component of gradio-app/gradio version git 98cbcae allows for a zip bomb attack. The component uses pd.readcsv to process input values, which can accept compressed files. An attacker can exploit this by uploading a maliciously crafted zip bomb, leading to a server...
Mattermost Denial of Service Vulnerability (CNVD-2025-12636)
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a denial of service vulnerability that stems from a failure to limit the file size of slack import file uploads. An attacker could exploit this vulnerability to import data to...
python: The zipfile module is vulnerable to zip-bombs leading to denial of service
A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed...
Fides Webserver Vulnerable to Zip Bomb File Uploads
Impact The Fides webserver is vulnerable to a type of Denial of Service DoS attack. Attackers can exploit a weakness in the connector template upload feature to upload a malicious zip bomb file, resulting in resource exhaustion and service unavailability for all users of the Fides webserver. This...
K52167636: TMM vulnerability CVE-2017-6153
Security Advisory Description Features in the BIG-IP system that utilize inflate functionality directly, via an iRule, or via the inflate code from PEM module are subjected to a service disruption via a "Zip Bomb" attack. CVE-2017-6153 Impact BIG-IP systems deployed in Forward Proxy mode with the...
CVE-2019-9674
...
EulerOS Virtualization for ARM 64 3.0.6.0 : python2 (EulerOS-SA-2020-1344)
According to the versions of the python2 packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A ZIP bomb attack was found in the Python zipfile module. A remote attacker could abuse this flaw by providing a...
Huawei EulerOS: Security Advisory for python2 (EulerOS-SA-2020-1344)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2019-9674
A ZIP bomb attack was found in the Python zipfile module. A remote attacker could abuse this flaw by providing a specially crafted ZIP file that, when decompressed by zipfile, would exhaust system resources resulting in a denial of service...
F5 Networks BIG-IP : TMM vulnerability (K52167636)
Features in the BIG-IP system that utilizeinflate functionality directly, via an iRule, or via the inflate code from PEM module are subjected to a service disruption via a 'Zip Bomb' attack.CVE-2017-6153 Impact BIG-IP systems deployed in Forward Proxy mode with the inflate functionality enabled a...
CVE-2017-16129
The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that becomes several magnitudes larger once uncompressed. If a client does not take special care when processing such responses, it may result in excessive...
CVE-2017-16129
The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that becomes several magnitudes larger once uncompressed. If a client does not take special care when processing such responses, it may result in excessive...
Design/Logic Flaw
Features in F5 BIG-IP 13.0.0-13.1.0.3, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 system that utilizes inflate functionality directly, via an iRule, or via the inflate code from PEM module are subjected to a service disruption via a "Zip Bomb" attack...