33187 matches found
Concurrent Ruby: `ReentrantReadWriteLock` read-count overflow grants a write lock without exclusivity
Summary Concurrent::ReentrantReadWriteLock can incorrectly grant a write lock after one thread acquires the read lock 32,768 times. The lock stores a thread's local read and write hold counts in one integer. The low 15 bits are used for the read hold count, and bit 15 is used as WRITELOCKHELD...
Concurrent Ruby : `AtomicReference#update` livelocks when the stored value is `Float::NAN`
Summary Concurrent::AtomicReferenceupdate can enter a permanent busy retry loop when the current value is Float::NAN. The issue is caused by the interaction between: - AtomicReferenceupdate, which retries until compareandsetoldvalue, newvalue succeeds. - Numeric compareandset, which checks old ==...
Oj: Integer Overflow in Oj.load 2GB String Handling
Summary Oj.load is vulnerable to heap corruption when parsing a JSON string longer than 2 GB. An integer overflow in bufappendstring buf.h:61 converts the string length to a large negative sizet, causing memcpy to copy an astronomically large amount of data out of bounds. This crashes the process...
Oj: Use-After-Free in Oj::Parser SAJ Long Key Callback
Summary Oj::Parser in SAJ mode does not protect cached object keys ≥ 35 bytes from garbage collection. A Ruby callback that triggers GC inside hashend can cause the key string to be reclaimed while the C parser still holds a pointer to it. The subsequent access to the freed string VALUE results i...
Oj: Use-After-Free in Oj::Parser array_class/hash_class GC Marking
Summary Oj::Parser in usual mode does not mark arrayclass and hashclass references during garbage collection. If GC runs after the class is assigned but before a parse, the class object is reclaimed, leaving the parser holding a dangling VALUE. The subsequent parse call dereferences the freed...
Oj: Negative-Size memcpy in Oj::Parser create_id Attribute Handling
Summary Oj::Parserparse in usual mode with createid enabled is vulnerable to heap corruption via a negative-size memcpy. When a JSON object key is exactly 65,535 bytes long, an integer truncation in formattr usual.c:63 converts the length to -1 before passing it to memcpy. This causes memcpy to...
Kozou: Unauthenticated MCP HTTP server and bundled dev-stack hardening (DNS-rebinding, request-body limits, read-only reads, default network exposure)
Kozou compiles a PostgreSQL schema into an Admin UI, a REST API, and an MCP server. Several hardening gaps in the bundled HTTP surfaces and the scaffolded dev stack are fixed in 1.8.1. Issues 1. MCP HTTP server lacked DNS-rebinding protection. The Streamable HTTP transport is unauthenticated and...
CoreWCF: SPNEGO SecurityContextToken proof key wrapped without confidentiality
Impact When the proof key recovered from the RSTR can be observed by a party that is not the legitimate client, that party can impersonate the authenticated Windows principal for the lifetime of the SCT default 10 hours and decrypt or forge any subsequent WS‑SecureConversation traffic that uses...
CoreWCF: XML Signature Wrapping in WS-Security endorsing/supporting signature verification allows replay of captured signed messages
Impact The attacker, with one captured signed SOAP envelope from a victim and no other privileges, can invoke arbitrary operations on the service as the victim principal for the lifetime of the captured signing key. There is no rate limit on replays. The DetectReplays setting on transport-securit...
CoreWCF: Authentication bypass in CoreWCF SAML 1.1 / 2.0 token signature validation
Impact Full impersonation of any principal the trusted STS could have issued an assertion for — including administrative principals when the relying party grants them via SAML claims. Affects both SAML 1.1 and SAML 2.0. Preconditions Relying-party service is hosted with WSFederationHttpBinding or...
CoreWCF: SAML SubjectConfirmation methods and holder-of-key proof keys are not enforced
Impact The relying application is given a ClaimsPrincipal for a subject whose authority over the assertion the sender never proved. There are two distinct exploit shapes: - Holder-of-key downgrade. An attacker who obtains a holder-of-key SAML assertion that was issued without KeyInfo issuer bug,...
CoreWCF: WS-Security Reference DigestMethod Algorithm-Suite Bypass
Impact CoreWCF’s WS-Security 1.0 receive pipeline validates the SignatureMethod of an incoming ds:SignedInfo against the configured SecurityAlgorithmSuite, but does not validate the DigestMethod declared on each ds:Reference. As a result, a sender can populate ds:SignedInfo with SignatureMethod...
CoreWCF: SAML token replay protection is inoperative
Impact When enabling DetectReplayedTokens, a token can be replayed and will be detected despite it being reused. Patches Fixed in CoreWCF v1.8.1 and v1.9.1 Workarounds Provide your own implementation of ITokenReplayCache with the correct behavior...
CoreWCF: UnixDomainSocket Non-Reentrant POSIX Identity Resolution
Impact Race condition in POSIX peer identity resolution may attribute one connection’s identity to another getpwuid/getgrgid non-reentrant and may crash the host process under contention. Patches Fixed in CoreWCF v1.8.1 and v1.9.1 Workarounds Restrict UDS filesystem permissions so that only trust...
CoreWCF NetNamedPipe transport accepts attach to a pre-existing named pipe instance
Impact CoreWCF NetNamedPipe transport accepts attach to a pre-existing named pipe instance, allowing local interception of NetNamedPipe traffic. NetNamedPipe creates a shared memory object based on the listening url, then generated a unique GUID for the named pipe it will be using and saves this ...
CoreWCF: Unix Domain Socket PosixIdentity transport accepts connections that skip the security upgrade
Impact A CoreWCF service hosted on Unix Domain Sockets with the PosixIdentity client credential type UnixDomainSocketBinding with Security.Mode = TransportCredentialOnly and Security.Transport.ClientCredentialType = PosixIdentity does not require the client to perform the application/unixposix...
CoreWCF: Kafka consume pump halts permanently on a Kafka tombstone (null-value record), causing persistent endpoint denial of service.
Impact A CoreWCF service is running and listening on a Kafka topic receiving a null-value record will stop processing new records from that topic. Preconditions The attacker has produce/write permission on a topic that CoreWCF is consuming from. If the broker permits anonymous publishes, no...
CoreWCF: SamlSerializer skips SignatureValue verification when SAML signing token is not an X.509 certificate
Impact When a service is configured to validate SAML tokens using a method other than X.509 certificate signing, the final signature verification is skipped. Preconditions The service is configured to authenticate using SAML tokens and an out of band token resolver commonly the IssuerTokenResolve...
CoreWCF: WS-Security signature substitution via document-wide Signature lookup
Impact An unauthenticated remote attacker who can place a SOAP header lexically before wsse:Security can embed a ds:Signature of their choosing inside that header and cause the server to verify the attacker-supplied signature instead of the one carried in the security header. Preconditions...
CoreWCF: Pre-authentication infinite-loop CPU exhaustion in CoreWCF net.tcp / net.pipe / net.uds framing handshake
Impact An unauthenticated remote attacker can pin one server thread‑pool worker at 100 % CPU per connection. With a few connections, the CPU usage can be exhausted. Preconditions An attacker being able to reach a service which is exposing an endpoint using one of NetTcpBinding, NetNamedPipeBindin...
Python Liquid: Infinite loop when parsing malformed `{% case %}` tags
Impact Given a malformed % case % tag without associated % when % or % else % block, and no terminating % endcase % tag, Python Liquid hangs in an infinite loop at parse time. This allows malicious template authors to craft templates for a denial of service attack. Patches The issue is fixed in...
Oj: Use-After-Free in Oj::Parser SAJ Callback via Input Mutation
Summary Oj::Parserparse is vulnerable to a heap use-after-free when a SAJ/SAJ2 callback mutates the input JSON string during parsing. The C engine holds a raw const byte pointer into the Ruby string's internal buffer. If a callback e.g. hashstart resizes the string — for example by calling...
Oj: Use-After-Free in Oj::Doc Iterators via Reentrant Close
Summary Oj::Doc iterators eachvalue, eachchild, eachleaf are vulnerable to a heap use-after-free. When a Ruby block yielded during iteration calls doc.close or d.close, the document's heap memory is freed while the C iterator is still running. When control returns from the block, the iterator rea...
Oj: Heap Buffer Overflow in Oj.dump Exception Serialization via Large Indent
Summary Oj.dump in object mode is vulnerable to a heap buffer overflow when serializing Exception objects with a large :indent value. The serializer allocates a buffer sized for the object's attributes but does not account for the indent bytes added on each write. With indent: 5000, the...
parse-server: Stored XSS via non-standard file extension bypassing file upload extension blocklist
Impact Parse Server's default fileUpload.fileExtensions blocklist is intended to prevent uploading files that browsers render as active content such as HTML and SVG, which can be used to perform stored cross-site scripting XSS attacks against other users. The blocklist could be bypassed by...
Oj: Stack Buffer Overflow in Oj::Doc#each_child via Deeply Nested Input
Summary Oj::Doceachchild, when invoked recursively over a deeply nested JSON document, overflows a fixed-size stack buffer and aborts the process. This is a denial of service reachable from untrusted JSON. Details Two-step chain in ext/oj/fast.c: 1. doceachchild line 1501 increments doc-where pas...
jupyterlab-git excluded_paths Case-Sensitivity Bypass Allows Reading Excluded Directories
Summary jupyterlab-git 0.53.0 latest, 2026-04-30 uses fnmatch.fnmatchcase in GitHandler.prepare jupyterlabgit/handlers.py:91 to enforce the admin-configured excludedpaths security control. Because fnmatchcase is unconditionally case-sensitive, an authenticated user on a case-insensitive filesyste...
jupyterlab-git extension: Stored XSS leading to RCE
Overview Amazon Web Services AWS Security has identified a stored cross-site scripting XSS issue in the jupyterlab-git JupyterLab extension that can lead to remote code execution RCE. The issue exists in the PlainTextDiff.ts component, where the createHeader method passes Git filenames directly t...
Oj: intern.c form_attr (uninitialized stack read)
Summary Oj.load in :object mode reads uninitialized stack memory and, for long keys, reads out of bounds when parsing a JSON object whose key is 254 bytes or longer. The interned bytes can surface to the caller, disclosing process stack memory. Details In ext/oj/intern.c, formattr handles the...
Stanza: Remote Code Execution via Unsafe Pickle Deserialization in Model Loaders
Summary Stanza 1.12.0 attempts to safely load PyTorch checkpoint files using torch.load..., weightsonly=True, but automatically falls back to the fully unsafe torch.load..., weightsonly=False when the safe load raises pickle.UnpicklingError. Because the UnpicklingError condition is fully...
Home Assistant: Konnected alarm-panel switch state and zone topology disclosed to unauthenticated actors on the LAN
Summary The Konnected integration registers an HTTP endpoint, KonnectedView homeassistant/components/konnected/init.py, that is marked as not requiring authentication requiresauth = False. A comment next to that line says auth is instead handled "via the access token from configuration." That...
Faraday: Uncontrolled recursion in NestedParamsEncoder allows stack exhaustion DoS via deeply nested query parameters
Faraday::NestedParamsEncoder, the default nested query parameter encoder/decoder in Faraday, decodes nested query strings without enforcing a maximum nesting depth. A crafted query string such as: text axxxx...x=1 causes Faraday to build a deeply nested Ruby Hash structure. The internal dehash...
containerd CRI checkpoint restore CDI annotation smuggling
Impact containerd's CRI implementation improperly trusts Container Device Interface CDI annotations found within untrusted checkpoint image metadata during container restoration. When restoring a container from a checkpoint, containerd preserves CDI-related annotations from the checkpoint archive...
Arbitrary host CRI log file read via symlink following in CRI checkpoint restore
Impact A bug was found in containerd where the CRI plugin restores container.log from a checkpoint image without validating a symlinked path. This could result in reading an arbitrary file on the host via kubectl logs. Patches This bug has been fixed in the following containerd versions: 2.3.2...
containerd CRI — image-config `LABEL` flows to restart-monitor `binary://` logger: host-root command execution from an image pull
Impact A bug was found in containerd where the CRI plugin propagates labels from an image config LABEL instruction in Dockerfile to a container without validation. This may result in executing an arbitrary command on the host, via a plugin that consumes container labels for some operations. Patch...
Oj: Stack Buffer Overflow in Oj.dump via Large Indent
Summary Oj.dump is vulnerable to a stack-based buffer overflow when a large :indent value is provided by the developer. fillindent in dump.h calls memsetindentstr, ' ', sizetopts-indent without validating the size. When opts-indent is set to INTMAX 2,147,483,647, the sizet cast preserves the larg...
containerd: CRI checkpoint import allows local image tag poisoning
Impact containerd's CRI checkpoint import process contains a vulnerability where it fails to validate the image references specified within a checkpoint image's configuration. An attacker with permissions to create pods can use a crafted checkpoint image to force containerd to pull a malicious...
parse-server: Relation `$relatedTo` query bypasses `protectedFields` and owning-object ACL
Impact A relation query using the $relatedTo operator could read the membership of a Relation field even when that field was hidden from the requesting client by protectedFields, and even when the object owning the relation was not readable by the client under its ACL or class-level permissions...
parse-server: Endpoints `/login` and `/verifyPassword` disclose MFA secrets and protected fields when `_User` get is denied
Impact Apps that enable MFA and deny get on the User class via Class-Level Permissions could expose sensitive user data through the /login and /verifyPassword endpoints. These endpoints re-fetch the user through the access-controlled query pipeline CLP, protectedFields, auth-adapter sanitizers...
parse-server: Stored XSS via trailing-dot filename bypassing file upload extension blocklist
Impact The default file upload extension blocklist can be bypassed by appending a trailing dot to a filename whose extension would otherwise be blocked e.g. poc.svg.. The trailing dot causes the extension parser to extract an empty string, which short-circuits the blocklist check, and the...
symfony/ux-autocomplete: XSS via unescaped AJAX response data
Description The Stimulus controller shipped with symfony/ux-autocomplete renders AJAX response items into the dropdown by interpolating the text field directly into HTML template literals $itemlabelField inside createAutocompleteWithRemoteData. The value is parsed as HTML rather than text, so any...
symfony/ux-live-component: CSRF Protection Bypass — Accept Header is CORS-Safelisted
Description When using symfony/ux-live-component, methods annotated with LiveAction are invokable from the browser and mutate server-side state via AJAX. Symfony\UX\LiveComponent\EventListener\LiveComponentSubscriber::isLiveComponentRequest gated these invocations on the presence of Accept:...
symfony/ux-live-component: LiveComponentHydrator HMAC checksum lacks component and slot binding
Description In symfony/ux-live-component, a component's server-side state is exposed to the browser as a set of props LiveProp-annotated properties. Props marked writable: true can be freely changed by the client. Read-only props are round-tripped to the browser and back, and their integrity is...
symfony/ux-autocomplete: Information exposure via unescaped LIKE wildcards in EntitySearchUtil
Description Symfony\UX\Autocomplete\Doctrine\EntitySearchUtil::addSearchClause builds the LIKE expression used by the autocomplete endpoint by wrapping the client-supplied query in %...% without escaping the SQL LIKE wildcards %, , . The value is passed as a bound parameter, so this is not SQL...
symfony/ux-live-component: XSS via attacker-controlled child component tag
Description Symfony\UX\LiveComponent\Util\ChildComponentPartialRenderer::createHtml interpolates the $childTag argument directly into the HTML output as a tag name, without escaping or validation. The value originates from client-controlled JSON childrenid.tag parsed by LiveComponentSubscriber an...
symfony/ux-live-component: Denial of service via unbounded batch action requests
Description Symfony\UX\LiveComponent\Controller\BatchActionController::invoke iterates over the client-supplied actions array and issues a full HttpKernel sub-request for each entry event subscribers, validators, Doctrine, rendering. The array size is never bounded, so an authenticated client can...
parse-server: Server option routeAllowList is bypassable through batch sub-requests
Impact The routeAllowList server option restricts external client access to a configured list of REST API routes. The check is only enforced as Express middleware against the outer HTTP request URL, so the /batch handler dispatches each sub-request to the internal router without re-running the...
containerd image-triggered runtime DoS via unbounded group parsing
Impact A vulnerability in containerd allows a maliciously crafted image to cause a Denial of Service DoS condition. When creating a container from this image, memory exhaustion occurs, leading to an Out Of Memory OOM kill of the containerd process. This renders the container runtime API unavailab...
Oj: Use-After-Free in Oj::Parser Symbol Key Cache Toggle
Summary Disabling symbolkeys on a reused Oj::Parser instance triggers a heap use-after-free. When symbolkeys is toggled from true to false, optsymbolkeysset frees the internal key cache cachefree but does not clear the pointer. The next parse call reads from the freed cache via cacheintern,...
ux-live-component: Format-less date LiveProps parsed with the permissive DateTime constructor
Description When a LiveProp is typed as a DateTimeInterface and no explicit format is configured, Symfony\UX\LiveComponent\LiveComponentHydrator::hydrateObjectValue falls back to new $className$value. The DateTime / DateTimeImmutable constructors accept relative strings such as "now", "tomorrow",...