-
hapi-auth-jwt requires an old version of `jsonwebtoken` (5.x), which depends on `ms` which has a ReDoS vulnerability. Please update `jsonwebtoken` to use at least 7.4.1 which has fixed this issue.
…
petey updated
7 years ago
-
Hey,
As reported in https://github.com/zeta12ti/parse_duration/pull/18, there are payloads that make `parse_duration::parse(input)` cause denial of service through big integer `pow` calculat…
-
It is possible for the utilisation ratio of the two tranches to be greater than `utilisationThreshold`. If this scenario occurs and a user wishes to withdraw or deposit to a tranche with an amount tha…
-
```
There is a simple DoS attack against the UniMRCP server:
1. Client sends SIP INVITE.
2. Server creates and opens engine channel, starts listening for MRCPv2
connection and answers.
3. If the cli…
-
There's one constant source of crashes: SEGV due to NULL pointer dereferences in APIs. They are literally everywhere, e.g. glibc:
#include <stdio.h>
int main()
{
    puts(NULL);
    return 0;
}
C11 h…
-
```
There is a simple DoS attack against the UniMRCP server:
1. Client sends SIP INVITE.
2. Server creates and opens engine channel, starts listening for MRCPv2
connection and answers.
3. If the cli…
-
**Is your feature request related to a problem? Please describe.**
Need to protect against denial of service/ and help with information flow enforcement [AC-4](https://nvd.nist.gov/800-53/Rev4/contro…
-
```
=== npm audit security report ===
┌──────────────────────────────…
-
From both a safety hazard mitigation and a cyber-attack point of view, DoS should be identified and the risk reduced. DoS could occur via two attack vectors:
1. Data handling overloading
2. Calculatin…
-
There's plenty of code like the following, that every time creates a security problem due to how one can easily stuff the client with silent peers, as a form of cheap DoS - without a timeout they will…