Security
Headlines

Headlines Latest CVEs

Headline

GHSA-qrj3-hrgj-fm7r: rdiffweb's unlimited length email field can lead to DoS

rdiffweb prior to 2.4.8 does not validate email length, allowing users to insert an email longer than 255 characters. If a user signs up with an email with a length of 1 million or more characters and logs in, withdraws, or changes their email, the server may cause denial of service due to overload. Version 2.4.8 sets length limits for username, email, and root directory.

2 years ago

rdiffweb’s unlimited length email field can lead to DoS

High severity GitHub Reviewed Published Sep 27, 2022 • Updated Sep 30, 2022

Related news

CVE-2022-3272: Define field limit for username, email and root directory #223 · ikus060/rdiffweb@667657c

Improper Handling of Length Parameter Inconsistency in GitHub repository ikus060/rdiffweb prior to 2.4.8.

2 years ago

ghsa: Latest News

GHSA-rm76-4mrf-v9r8: vLLM uses Python 3.12 built-in hash() which leads to predictable hash collisions in prefix cache

9 hours ago

GHSA-c7w4-9wv8-7x7c: WhoDB allows parameter injection in DB connection URIs leading to local file inclusion

9 hours ago

GHSA-9r4c-jwx3-3j76: WhoDB has a path traversal opening Sqlite3 database

9 hours ago

GHSA-2hjh-495w-hmxc: Sylius allows unrestricted brute-force attacks on user accounts

10 hours ago

GHSA-j82m-pc2v-2484: Parsed HTML anchor links in Markdown provided to parseMarkdown can result in XSS in @nuxtjs/mdc

11 hours ago