In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is …
[github.com/cloudflare/goflow/v3/decoders/sflow] Cloudflare GoFlow vulnerable to a Denial of Service in the sflow packet handling package
Impact
The sflow decode package prior to version 3.4.4 is vulnerable to a denial of service attack. Attackers can craft malformed packets causing the process to consume huge amounts of memory resulting in a denial of service.
Patches
Version 3.4.4 cont…
[css-what] css-what vulnerable to ReDoS due to use of insecure regular expression
The package css-what before 2.1.3 is vulnerable to Regular Expression Denial of Service (ReDoS) due to the use of an insecure regular expression in the re_attr variable of index.js. The exploitation of this vulnerability could be triggered via the parse f…
[react-native-reanimated] react-native-reanimated vulnerable to ReDoS
The package react-native-reanimated before 3.0.0-rc.1 is vulnerable to Regular Expression Denial of Service (ReDoS) due to improper usage of a regular expression in the parser of Colors.js.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-24373
http…
[rdiffweb] rdiffweb’s lack of token name length limit can result in DoS or memory corruption
rdiffweb prior to 2.5.0a3 is vulnerable to Allocation of Resources Without Limits or Throttling. A lack of limit in the length of the Token name parameter can result in denial of service or memory corruption. Version 2.5.0a3 fixes this issue.
Reference…
[matrix-nio] When matrix-nio receives forwarded room keys, the receiver doesn’t check if it requested the key from the forwarder
When matrix-nio before 0.20 requests a room key from our devices, it correctly accepts key forwards only if they are a response to a previous request. However, it doesn’t check that the device that responded matches the device the key was requested fro…
[matrix-js-sdk] matrix-js-sdk subject to user impersonation due to key/device identifier confusion in SAS verification
Impact
An attacker cooperating with a malicious homeserver could interfere with the verification flow between two users, injecting its own cross-signing user identity in place of one of the users’ identities, leading to the other device trusting/verify…
[twig/twig] Twig may load a template outside a configured directory when using the filesystem loader
Description
When using the filesystem loader to load templates for which the name is a user input, it is possible to use the source or include statement to read arbitrary files from outside the templates directory when using a namespace like @somewhere…
[com.wire.bots:lithium] Lithium vulnerable to Cross Site Scripting in provided Swagger-UI
Impact
An XSS vulnerability in the provided (outdated) Swagger-UI is exploitable in applications using lithium with Swagger-UI enabled.
This allows an attacker to gain Remote Code Execution (RCE) and potentially exfiltrate secrets in the context of this s…
[org.matrix.android:matrix-android-sdk2] matrix-android-sdk2 vulnerable to Olm/Megolm protocol confusion
Impact
An attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield.
Additionally, a sophisticated attacker cooperating with a malici…