exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 5

CVE-2023-52079

почти 2 года назад

msgpackr is a fast MessagePack NodeJS/JavaScript implementation. Prior to 1.10.1, when decoding user supplied MessagePack messages, users can trigger stuck threads by crafting messages that keep the decoder stuck in a loop. The fix is available in v1.10.1. Exploits seem to require structured cloning, replacing the 0x70 extension with your own (that throws an error or does something other than recursive referencing) should mitigate the issue.

CVSS3: 5.9

EPSS: Низкий

CVE-2023-52079

почти 2 года назад

msgpackr is a fast MessagePack NodeJS/JavaScript implementation. Prior to 1.10.1, when decoding user supplied MessagePack messages, users can trigger stuck threads by crafting messages that keep the decoder stuck in a loop. The fix is available in v1.10.1. Exploits seem to require structured cloning, replacing the 0x70 extension with your own (that throws an error or does something other than recursive referencing) should mitigate the issue.

CVSS3: 6.8

EPSS: Низкий

GHSA-7hpj-7hhx-2fgx

почти 2 года назад

msgpackr's conversion of property names to strings can trigger infinite recursion

CVSS3: 8.6

EPSS: Низкий

BDU:2024-03157

почти 2 года назад

Уязвимость реализации MessagePack NodeJS/JavaScript msgpackr, позволяющая нарушителю вызвать отказ в обслуживании

CVSS3: 6.5

EPSS: Низкий

ROS-20240418-08

больше 1 года назад

Множественные уязвимости opensearch-dashboards

CVSS3: 7.5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2023-52079 msgpackr is a fast MessagePack NodeJS/JavaScript implementation. Prior to 1.10.1, when decoding user supplied MessagePack messages, users can trigger stuck threads by crafting messages that keep the decoder stuck in a loop. The fix is available in v1.10.1. Exploits seem to require structured cloning, replacing the 0x70 extension with your own (that throws an error or does something other than recursive referencing) should mitigate the issue.	CVSS3: 5.9	0% Низкий	почти 2 года назад
CVE-2023-52079 msgpackr is a fast MessagePack NodeJS/JavaScript implementation. Prior to 1.10.1, when decoding user supplied MessagePack messages, users can trigger stuck threads by crafting messages that keep the decoder stuck in a loop. The fix is available in v1.10.1. Exploits seem to require structured cloning, replacing the 0x70 extension with your own (that throws an error or does something other than recursive referencing) should mitigate the issue.	CVSS3: 6.8	0% Низкий	почти 2 года назад
GHSA-7hpj-7hhx-2fgx msgpackr's conversion of property names to strings can trigger infinite recursion	CVSS3: 8.6	0% Низкий	почти 2 года назад
BDU:2024-03157 Уязвимость реализации MessagePack NodeJS/JavaScript msgpackr, позволяющая нарушителю вызвать отказ в обслуживании	CVSS3: 6.5	0% Низкий	почти 2 года назад
ROS-20240418-08 Множественные уязвимости opensearch-dashboards	CVSS3: 7.5		больше 1 года назад

Уязвимостей на страницу