exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 5

CVE-2023-52079

больше 1 года назад

msgpackr is a fast MessagePack NodeJS/JavaScript implementation. Prior to 1.10.1, when decoding user supplied MessagePack messages, users can trigger stuck threads by crafting messages that keep the decoder stuck in a loop. The fix is available in v1.10.1. Exploits seem to require structured cloning, replacing the 0x70 extension with your own (that throws an error or does something other than recursive referencing) should mitigate the issue.

CVSS3: 5.9

EPSS: Низкий

CVE-2023-52079

больше 1 года назад

msgpackr is a fast MessagePack NodeJS/JavaScript implementation. Prior to 1.10.1, when decoding user supplied MessagePack messages, users can trigger stuck threads by crafting messages that keep the decoder stuck in a loop. The fix is available in v1.10.1. Exploits seem to require structured cloning, replacing the 0x70 extension with your own (that throws an error or does something other than recursive referencing) should mitigate the issue.

CVSS3: 6.8

EPSS: Низкий

GHSA-7hpj-7hhx-2fgx

больше 1 года назад

msgpackr's conversion of property names to strings can trigger infinite recursion

CVSS3: 8.6

EPSS: Низкий

BDU:2024-03157

больше 1 года назад

Уязвимость реализации MessagePack NodeJS/JavaScript msgpackr, позволяющая нарушителю вызвать отказ в обслуживании

CVSS3: 6.5

EPSS: Низкий

ROS-20240418-08

около 1 года назад

Множественные уязвимости opensearch-dashboards

CVSS3: 7.5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2023-52079 msgpackr is a fast MessagePack NodeJS/JavaScript implementation. Prior to 1.10.1, when decoding user supplied MessagePack messages, users can trigger stuck threads by crafting messages that keep the decoder stuck in a loop. The fix is available in v1.10.1. Exploits seem to require structured cloning, replacing the 0x70 extension with your own (that throws an error or does something other than recursive referencing) should mitigate the issue.	CVSS3: 5.9	0% Низкий	больше 1 года назад
CVE-2023-52079 msgpackr is a fast MessagePack NodeJS/JavaScript implementation. Prior to 1.10.1, when decoding user supplied MessagePack messages, users can trigger stuck threads by crafting messages that keep the decoder stuck in a loop. The fix is available in v1.10.1. Exploits seem to require structured cloning, replacing the 0x70 extension with your own (that throws an error or does something other than recursive referencing) should mitigate the issue.	CVSS3: 6.8	0% Низкий	больше 1 года назад
GHSA-7hpj-7hhx-2fgx msgpackr's conversion of property names to strings can trigger infinite recursion	CVSS3: 8.6	0% Низкий	больше 1 года назад
BDU:2024-03157 Уязвимость реализации MessagePack NodeJS/JavaScript msgpackr, позволяющая нарушителю вызвать отказ в обслуживании	CVSS3: 6.5	0% Низкий	больше 1 года назад
ROS-20240418-08 Множественные уязвимости opensearch-dashboards	CVSS3: 7.5		около 1 года назад

Уязвимостей на страницу