Описание
Unfurl before 2026.04 contains an unbounded zlib decompression vulnerability in parse_compressed.py that allows remote attackers to cause denial of service. Attackers can submit highly compressed payloads via URL parameters to the /json/visjs endpoint that expand to gigabytes, exhausting server memory and crashing the service.
EPSS
Процентиль: 28%
0.00099
Низкий
7.5 High
CVSS3
Дефекты
CWE-409
Связанные уязвимости
CVSS3: 7.5
github
2 дня назад
Unfurl before 2026.04 contains an unbounded zlib decompression vulnerability in parse_compressed.py that allows remote attackers to cause denial of service. Attackers can submit highly compressed payloads via URL parameters to the /json/visjs endpoint that expand to gigabytes, exhausting server memory and crashing the service.
EPSS
Процентиль: 28%
0.00099
Низкий
7.5 High
CVSS3
Дефекты
CWE-409