GHSA-rm76-4mrf-v9r8: vLLM uses Python 3.12 built-in hash() which leads to predictable hash collisions in prefix cache

GHSA-c7w4-9wv8-7x7c: WhoDB allows parameter injection in DB connection URIs leading to local file inclusion

GHSA-9r4c-jwx3-3j76: WhoDB has a path traversal opening Sqlite3 database

GHSA-2hjh-495w-hmxc: Sylius allows unrestricted brute-force attacks on user accounts

GHSA-j82m-pc2v-2484: Parsed HTML anchor links in Markdown provided to parseMarkdown can result in XSS in @nuxtjs/mdc

rdiffweb prior to 2.4.8 is vulnerable to a potential Dos attack via an unlimited length "username" field. This can result in excess memory consumption, or memory corruption, leading to a Denial of Service (DoS). This issue is patched in version 2.4.8. There are no known workarounds.

**rdiffweb's unlimited username field length can lead to DoS**

High severity GitHub Reviewed Published Sep 27, 2022 • Updated Sep 30, 2022

Headline

GHSA-5v95-j4rr-6f3c: rdiffweb's unlimited username field length can lead to DoS

Related news

ghsa: Latest News