Common Weakness Enumeration

CWE-400

Discouraged

Uncontrolled Resource Consumption

Abstraction: Class · Status: Draft

The product does not properly control the allocation and maintenance of a limited resource.

5412 vulnerabilities reference this CWE, most recent first.

GHSA-X3V3-8XG8-8V72

Vulnerability from github – Published: 2023-12-18 20:00 – Updated: 2023-12-28 22:03
VLAI
Summary
Sentry's Astro SDK vulnerable to ReDoS
Details

Impact

A ReDoS (Regular expression Denial of Service) vulnerability has been identified in Sentry's Astro SDK 7.78.0-7.86.0. Under certain conditions, this vulnerability allows an attacker to cause excessive computation times on the server, leading to denial of service (DoS).

Applications that are using Sentry's Astro SDK are affected if:

  1. They're using Sentry instrumentation:
  2. they have manually registered Sentry Middleware (affected versions 7.78.0-7.86.0);
  3. or configured Astro in SSR (server) or hybrid mode, use Astro 3.5.0 and newer and didn’t disable the automatic server instrumentation (affected versions 7.82.0-7.86.0).
  4. They have configured routes with at least two path params (e.g. /foo/[p1]/bar/[p2]).

Patches

The problem has been patched in @sentry/astro@7.87.0. The corresponding PR: https://github.com/getsentry/sentry-javascript/pull/9815

Workarounds

We strongly recommend upgrading to the latest SDK version. However, if it's not possible, the steps to mitigate the vulnerability without upgrade are: * disable auto instrumentation if you're using Astro 3.5.0 or newer * and remove the manually added Sentry middleware (if it was added before).

After these changes, Sentry error reporting will still be functional, but some details such as server-side transactions (and consequently, distributed traces between client and server) will be omitted. We therefore still recommend to update to 7.87.0 as soon as you can.

References

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@sentry/astro"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.78.0"
            },
            {
              "fixed": "7.87.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-50249"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1333",
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-12-18T20:00:55Z",
    "nvd_published_at": "2023-12-20T14:15:21Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nA ReDoS (Regular expression Denial of Service) vulnerability has been identified in Sentry\u0027s Astro SDK 7.78.0-7.86.0. Under certain conditions, this vulnerability allows an attacker to cause excessive computation times on the server, leading to denial of service (DoS).\n\nApplications that are using Sentry\u0027s Astro SDK are affected if:\n\n1. They\u0027re using Sentry instrumentation:\n   - they have [manually registered](https://docs.sentry.io/platforms/javascript/guides/astro/manual-setup/#manually-add-server-instrumentation) Sentry Middleware (affected versions 7.78.0-7.86.0);\n   - or [configured](https://docs.sentry.io/platforms/javascript/guides/astro/manual-setup/#configure-server-instrumentation) Astro in SSR (server) or hybrid mode, use Astro 3.5.0 and newer and didn\u2019t [disable the automatic server instrumentation](https://docs.sentry.io/platforms/javascript/guides/astro/manual-setup/#disable-auto-server-instrumentation) (affected versions 7.82.0-7.86.0).\n2. They have configured routes with at least two path params (e.g. `/foo/[p1]/bar/[p2]`).\n\n### Patches\nThe problem has been patched in [@sentry/astro@7.87.0](https://www.npmjs.com/package/@sentry/astro/v/7.87.0).\nThe corresponding PR: https://github.com/getsentry/sentry-javascript/pull/9815\n\n### Workarounds\nWe strongly recommend upgrading to the latest SDK version. However, if it\u0027s not possible, the steps to mitigate the vulnerability without upgrade are:\n* [disable auto instrumentation](https://docs.sentry.io/platforms/javascript/guides/astro/manual-setup/#disable-auto-server-instrumentation) if you\u0027re using Astro 3.5.0 or newer\n* and remove the manually added Sentry middleware (if it was [added](https://docs.sentry.io/platforms/javascript/guides/astro/manual-setup/#manually-add-server-instrumentation) before).\n\nAfter these changes, Sentry error reporting will still be functional, but some details such as server-side transactions (and consequently, distributed traces between client and server) will be omitted. We therefore still recommend to update to 7.87.0 as soon as you can. \n\n### References\n* [Sentry docs: Manual Setup for Astro](https://docs.sentry.io/platforms/javascript/guides/astro/manual-setup/)\n* [Release notes: sentry-javascript 7.87.0](https://github.com/getsentry/sentry-javascript/releases/tag/7.87.0)\n* [npm: @sentry/astro@7.87.0](https://www.npmjs.com/package/@sentry/astro/v/7.87.0)",
  "id": "GHSA-x3v3-8xg8-8v72",
  "modified": "2023-12-28T22:03:19Z",
  "published": "2023-12-18T20:00:55Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/getsentry/sentry-javascript/security/advisories/GHSA-x3v3-8xg8-8v72"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50249"
    },
    {
      "type": "WEB",
      "url": "https://github.com/getsentry/sentry-javascript/pull/9815"
    },
    {
      "type": "WEB",
      "url": "https://github.com/getsentry/sentry-javascript/commit/fe24eb5eefa9d27b14b2b6f9ebd1debca1c208fb"
    },
    {
      "type": "WEB",
      "url": "https://docs.sentry.io/platforms/javascript/guides/astro/manual-setup/#disable-auto-server-instrumentation"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/getsentry/sentry-javascript"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/package/@sentry/astro/v/7.87.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Sentry\u0027s Astro SDK vulnerable to ReDoS"
}

GHSA-X3WF-9MWG-HM4V

Vulnerability from github – Published: 2025-10-21 21:33 – Updated: 2025-10-21 21:33
VLAI
Details

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-53042"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-21T20:20:41Z",
    "severity": "MODERATE"
  },
  "details": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and  9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).",
  "id": "GHSA-x3wf-9mwg-hm4v",
  "modified": "2025-10-21T21:33:41Z",
  "published": "2025-10-21T21:33:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53042"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuoct2025.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X466-M8CX-8P3M

Vulnerability from github – Published: 2026-06-22 18:34 – Updated: 2026-06-22 18:34
VLAI
Details

IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-9071"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-22T16:16:43Z",
    "severity": "HIGH"
  },
  "details": "IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources.",
  "id": "GHSA-x466-m8cx-8p3m",
  "modified": "2026-06-22T18:34:16Z",
  "published": "2026-06-22T18:34:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9071"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7276579"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X4HH-FRX8-98R5

Vulnerability from github – Published: 2024-02-01 20:53 – Updated: 2024-10-17 19:47
VLAI
Summary
Bref's Uploaded Files Not Deleted in Event-Driven Functions
Details

Impacted Resources

bref/src/Event/Http/Psr7Bridge.php:94-125

Description

When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed and for each which contains a file, it is extracted and saved in /tmp with a random filename starting with bref_upload_.

The function implementing the logic follows:

private static function parseBodyAndUploadedFiles(HttpRequestEvent $event): array
{
    $bodyString = $event->getBody();
    $files = [];
    $parsedBody = null;
    $contentType = $event->getContentType();
    if ($contentType !== null && $event->getMethod() === 'POST') {
        if (str_starts_with($contentType, 'application/x-www-form-urlencoded')) {
            parse_str($bodyString, $parsedBody);
        } else {
            $document = new Part("Content-type: $contentType\r\n\r\n" . $bodyString);
            if ($document->isMultiPart()) {
                $parsedBody = [];
                foreach ($document->getParts() as $part) {
                    if ($part->isFile()) {
                        $tmpPath = tempnam(sys_get_temp_dir(), 'bref_upload_');
                        if ($tmpPath === false) {
                            throw new RuntimeException('Unable to create a temporary directory');
                        }
                        file_put_contents($tmpPath, $part->getBody());
                        $file = new UploadedFile($tmpPath, filesize($tmpPath), UPLOAD_ERR_OK, $part->getFileName(), $part->getMimeType());

                        self::parseKeyAndInsertValueInArray($files, $part->getName(), $file);
                    } else {
                        self::parseKeyAndInsertValueInArray($parsedBody, $part->getName(), $part->getBody());
                    }
                }
            }
        }
    }
    return [$files, $parsedBody];
}

The flow mimics what plain PHP does but it does not delete the temporary files when the request has been processed.

Impact

An attacker could fill the Lambda instance disk by performing multiple MultiPart requests containing files. The attack has the following requirements and limitations: - The Lambda should use the Event-Driven Function runtime. - The Lambda should use the RequestHandlerInterface handler. - The Lambda should implement at least an endpoint accepting POST requests. - The attacker can send requests up to 6MB long, so multiple requests are required to fill the disk (the default Lambda disk size is 512MB, therefore with less than 100 requests the disk could be filled).

PoC

  1. Create a new Bref project.
  2. Create an index.php file with the following content:
<?php

namespace App;

require __DIR__ . '/vendor/autoload.php';

use Nyholm\Psr7\Response;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\RequestHandlerInterface;

class MyHttpHandler implements RequestHandlerInterface
{
    public function handle(ServerRequestInterface $request): ResponseInterface
    {
        return new Response(200, [], exec("ls -lah /tmp/bref_upload* | wc -l"));
    }
}

return new MyHttpHandler();

  1. Use the following serverless.yml to deploy the Lambda:
service: app

provider:
    name: aws
    region: eu-central-1

plugins:
    - ./vendor/bref/bref

# Exclude files from deployment
package:
    patterns:
        - '!node_modules/**'
        - '!tests/**'

functions:
    api:
        handler: index.php
        runtime: php-83
        events:
            - httpApi: 'ANY /upload'
  1. Replay the following request multiple times after having replaced the <HOST> placeholder with the deployed Lambda domain:
POST /upload HTTP/2
Host: <HOST>
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryQqDeSZSSvmn2rfjb
Content-Length: 180

------WebKitFormBoundaryQqDeSZSSvmn2rfjb
Content-Disposition: form-data; name="a"; filename="a.txt"
Content-Type: text/plain

test
------WebKitFormBoundaryQqDeSZSSvmn2rfjb--
  1. Notice that each time the request is sent the number of the uploaded temporary files on the disk increases.

Suggested Remediation

Delete the temporary files after the request has been processed and the response have been generated.

References

  • https://cheatsheetseries.owasp.org/cheatsheets/Denial_of_Service_Cheat_Sheet.html
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "bref/bref"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.1.13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-24752"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-770"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-01T20:53:03Z",
    "nvd_published_at": "2024-02-01T16:17:14Z",
    "severity": "MODERATE"
  },
  "details": "## Impacted Resources\n\nbref/src/Event/Http/Psr7Bridge.php:94-125\n\n## Description\n\nWhen Bref is used with the Event-Driven Function runtime and the handler is a `RequestHandlerInterface`, then the Lambda event is converted to a PSR7 object.\nDuring the conversion process, if the request is a MultiPart, each part is parsed and for each which contains a file, it is extracted and saved in `/tmp` with a random filename starting with `bref_upload_`.\n\nThe function implementing the logic follows:\n\n```php\nprivate static function parseBodyAndUploadedFiles(HttpRequestEvent $event): array\n{\n    $bodyString = $event-\u003egetBody();\n    $files = [];\n    $parsedBody = null;\n    $contentType = $event-\u003egetContentType();\n    if ($contentType !== null \u0026\u0026 $event-\u003egetMethod() === \u0027POST\u0027) {\n        if (str_starts_with($contentType, \u0027application/x-www-form-urlencoded\u0027)) {\n            parse_str($bodyString, $parsedBody);\n        } else {\n            $document = new Part(\"Content-type: $contentType\\r\\n\\r\\n\" . $bodyString);\n            if ($document-\u003eisMultiPart()) {\n                $parsedBody = [];\n                foreach ($document-\u003egetParts() as $part) {\n                    if ($part-\u003eisFile()) {\n                        $tmpPath = tempnam(sys_get_temp_dir(), \u0027bref_upload_\u0027);\n                        if ($tmpPath === false) {\n                            throw new RuntimeException(\u0027Unable to create a temporary directory\u0027);\n                        }\n                        file_put_contents($tmpPath, $part-\u003egetBody());\n                        $file = new UploadedFile($tmpPath, filesize($tmpPath), UPLOAD_ERR_OK, $part-\u003egetFileName(), $part-\u003egetMimeType());\n\n                        self::parseKeyAndInsertValueInArray($files, $part-\u003egetName(), $file);\n                    } else {\n                        self::parseKeyAndInsertValueInArray($parsedBody, $part-\u003egetName(), $part-\u003egetBody());\n                    }\n                }\n            }\n        }\n    }\n    return [$files, $parsedBody];\n}\n```\n\nThe flow mimics what plain PHP does but it does not delete the temporary files when the request has been processed.\n\n## Impact\n\nAn attacker could fill the Lambda instance disk by performing multiple MultiPart requests containing files.\nThe attack has the following requirements and limitations:\n- The Lambda should use the Event-Driven Function runtime.\n- The Lambda should use the `RequestHandlerInterface` handler.\n- The Lambda should implement at least an endpoint accepting POST requests.\n- The attacker can send requests up to 6MB long, so multiple requests are required to fill the disk (the default Lambda disk size is 512MB, therefore with less than 100 requests the disk could be filled).\n\n## PoC\n\n1. Create a new Bref project.\n2. Create an `index.php` file with the following content:\n```php\n\u003c?php\n\nnamespace App;\n\nrequire __DIR__ . \u0027/vendor/autoload.php\u0027;\n\nuse Nyholm\\Psr7\\Response;\nuse Psr\\Http\\Message\\ResponseInterface;\nuse Psr\\Http\\Message\\ServerRequestInterface;\nuse Psr\\Http\\Server\\RequestHandlerInterface;\n\nclass MyHttpHandler implements RequestHandlerInterface\n{\n    public function handle(ServerRequestInterface $request): ResponseInterface\n    {\n        return new Response(200, [], exec(\"ls -lah /tmp/bref_upload* | wc -l\"));\n    }\n}\n\nreturn new MyHttpHandler();\n\n```\n3. Use the following `serverless.yml` to deploy the Lambda:\n```yaml\nservice: app\n\nprovider:\n    name: aws\n    region: eu-central-1\n\nplugins:\n    - ./vendor/bref/bref\n\n# Exclude files from deployment\npackage:\n    patterns:\n        - \u0027!node_modules/**\u0027\n        - \u0027!tests/**\u0027\n\nfunctions:\n    api:\n        handler: index.php\n        runtime: php-83\n        events:\n            - httpApi: \u0027ANY /upload\u0027\n```\n4. Replay the following request multiple times after having replaced the `\u003cHOST\u003e` placeholder with the deployed Lambda domain:\n```\nPOST /upload HTTP/2\nHost: \u003cHOST\u003e\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryQqDeSZSSvmn2rfjb\nContent-Length: 180\n\n------WebKitFormBoundaryQqDeSZSSvmn2rfjb\nContent-Disposition: form-data; name=\"a\"; filename=\"a.txt\"\nContent-Type: text/plain\n\ntest\n------WebKitFormBoundaryQqDeSZSSvmn2rfjb--\n```\n5. Notice that each time the request is sent the number of the uploaded temporary files on the disk increases.\n\n## Suggested Remediation\n\nDelete the temporary files after the request has been processed and the response have been generated.\n\n## References\n\n- https://cheatsheetseries.owasp.org/cheatsheets/Denial_of_Service_Cheat_Sheet.html",
  "id": "GHSA-x4hh-frx8-98r5",
  "modified": "2024-10-17T19:47:24Z",
  "published": "2024-02-01T20:53:03Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/brefphp/bref/security/advisories/GHSA-x4hh-frx8-98r5"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24752"
    },
    {
      "type": "WEB",
      "url": "https://github.com/brefphp/bref/commit/350788de12880b6fd64c4c318ba995388bec840e"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/brefphp/bref"
    },
    {
      "type": "WEB",
      "url": "https://github.com/brefphp/bref/blob/2.1.12/src/Event/Http/Psr7Bridge.php#L94-L125"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Bref\u0027s Uploaded Files Not Deleted in Event-Driven Functions"
}

GHSA-X4HP-Q863-HC8M

Vulnerability from github – Published: 2022-04-16 00:00 – Updated: 2022-04-23 00:03
VLAI
Details

An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-26498"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-15T05:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2.",
  "id": "GHSA-x4hp-q863-hc8m",
  "modified": "2022-04-23T00:03:22Z",
  "published": "2022-04-16T00:00:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26498"
    },
    {
      "type": "WEB",
      "url": "https://downloads.asterisk.org/pub/security"
    },
    {
      "type": "WEB",
      "url": "https://downloads.asterisk.org/pub/security/AST-2022-001.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2022/dsa-5285"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/166744/Asterisk-Project-Security-Advisory-AST-2022-001.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/172139/Shannon-Baseband-chatroom-SDP-Attribute-Memory-Corruption.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X4P5-HG55-839V

Vulnerability from github – Published: 2024-07-02 21:32 – Updated: 2024-07-05 18:34
VLAI
Details

Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.5.1 allows local attackers to cause a Windows blue screen error and Denial of Service (DoS).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-22104"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-02T15:15:11Z",
    "severity": "MODERATE"
  },
  "details": "Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.5.1 allows local attackers to cause a Windows blue screen error and Denial of Service (DoS).",
  "id": "GHSA-x4p5-hg55-839v",
  "modified": "2024-07-05T18:34:15Z",
  "published": "2024-07-02T21:32:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22104"
    },
    {
      "type": "WEB",
      "url": "https://jungo.com/windriver/versions"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-04"
    },
    {
      "type": "WEB",
      "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-001_en.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X4VP-4235-65HG

Vulnerability from github – Published: 2026-03-03 21:18 – Updated: 2026-03-20 21:13
VLAI
Summary
OpenClaw has pre-auth webhook body parsing that can enable unauthenticated slow-request DoS
Details

Impact

OpenClaw webhook handlers for BlueBubbles and Google Chat accepted and parsed request bodies before authentication and signature checks on vulnerable releases. This allowed unauthenticated clients to hold parser work open with slow/oversized request bodies and degrade availability (slow-request DoS).

Affected Packages / Versions

  • Package: openclaw (npm)
  • Affected releases: <= 2026.3.1
  • Latest published vulnerable version at triage time: 2026.3.1 (npm)
  • Fixed release: 2026.3.2 (released)

Fix Commit(s)

  • d3e8b17aa6432536806b4853edc7939d891d0f25

Mitigation

Upgrade to 2026.3.2 (or newer). The fix enforces auth-before-body for affected webhook paths, adds strict pre-auth body/time budgets, and introduces shared in-flight/request guardrails with regression coverage.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2026.3.1"
      },
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.3.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-32011"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-770"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-03T21:18:39Z",
    "nvd_published_at": "2026-03-19T22:16:34Z",
    "severity": "MODERATE"
  },
  "details": "## Impact\n\nOpenClaw webhook handlers for BlueBubbles and Google Chat accepted and parsed request bodies before authentication and signature checks on vulnerable releases. This allowed unauthenticated clients to hold parser work open with slow/oversized request bodies and degrade availability (slow-request DoS).\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected releases: `\u003c= 2026.3.1`\n- Latest published vulnerable version at triage time: `2026.3.1` (npm)\n- Fixed release: `2026.3.2` (released)\n\n## Fix Commit(s)\n\n- `d3e8b17aa6432536806b4853edc7939d891d0f25`\n\n## Mitigation\n\nUpgrade to `2026.3.2` (or newer). The fix enforces auth-before-body for affected webhook paths, adds strict pre-auth body/time budgets, and introduces shared in-flight/request guardrails with regression coverage.",
  "id": "GHSA-x4vp-4235-65hg",
  "modified": "2026-03-20T21:13:02Z",
  "published": "2026-03-03T21:18:39Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-x4vp-4235-65hg"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32011"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/d3e8b17aa6432536806b4853edc7939d891d0f25"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openclaw/openclaw"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/openclaw-slow-request-denial-of-service-via-pre-auth-webhook-body-parsing"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OpenClaw has pre-auth webhook body parsing that can enable unauthenticated slow-request DoS"
}

GHSA-X56G-74Q4-X3XC

Vulnerability from github – Published: 2021-12-14 00:00 – Updated: 2022-07-13 00:01
VLAI
Details

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Using large payloads, the diff feature could be used to trigger high load time for users reviewing code changes.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-39932"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-13T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Using large payloads, the diff feature could be used to trigger high load time for users reviewing code changes.",
  "id": "GHSA-x56g-74q4-x3xc",
  "modified": "2022-07-13T00:01:38Z",
  "published": "2021-12-14T00:00:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39932"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39932.json"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/217360"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X586-4JJM-7HC5

Vulnerability from github – Published: 2024-07-31 00:30 – Updated: 2024-07-31 00:30
VLAI
Details

An issue was discovered in Kibana where a user with Viewer role could cause a Kibana instance to crash by sending a large number of maliciously crafted requests to a specific endpoint.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-37281"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-30T22:15:01Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in Kibana where a user with Viewer role could cause a Kibana instance to crash by sending a large number of maliciously crafted requests to a specific endpoint.",
  "id": "GHSA-x586-4jjm-7hc5",
  "modified": "2024-07-31T00:30:42Z",
  "published": "2024-07-31T00:30:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37281"
    },
    {
      "type": "WEB",
      "url": "https://discuss.elastic.co/t/kibana-7-17-23-8-14-0-security-update-esa-2024-16/364094"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X5GF-QVW8-R2RM

Vulnerability from github – Published: 2025-06-09 21:30 – Updated: 2026-05-20 02:06
VLAI
Summary
pm2 Regular Expression Denial of Service vulnerability
Details

A vulnerability classified as problematic was found in Unitech pm2 prior to 7.0.0. This vulnerability affects unknown code of the file /lib/tools/Config.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "pm2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-5891"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1333",
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-06-10T22:52:17Z",
    "nvd_published_at": "2025-06-09T19:15:25Z",
    "severity": "LOW"
  },
  "details": "A vulnerability classified as problematic was found in Unitech pm2 prior to 7.0.0. This vulnerability affects unknown code of the file /lib/tools/Config.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.",
  "id": "GHSA-x5gf-qvw8-r2rm",
  "modified": "2026-05-20T02:06:26Z",
  "published": "2025-06-09T21:30:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5891"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Unitech/pm2/issues/6075"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Unitech/pm2/pull/5971"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Unitech/pm2/commit/8b9354800a1d157cb9503a3ec414ef1e4700dc1c"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/mmmsssttt404/407e2ffe3e0eaa393ad923a86316a385"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Unitech/pm2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Unitech/pm2/blob/ba62cae9b9b7116ee758b70f538919a52515fa26/CHANGELOG.md?plain=1#L36"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Unitech/pm2/releases/tag/v7.0.0"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.311662"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.311662"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.585750"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "pm2 Regular Expression Denial of Service vulnerability"
}

Mitigation
Architecture and Design

Design throttling mechanisms into the system architecture. The best protection is to limit the amount of resources that an unauthorized user can cause to be expended. A strong authentication and access control model will help prevent such attacks from occurring in the first place. The login application should be protected against DoS attacks as much as possible. Limiting the database access, perhaps by caching result sets, can help minimize the resources expended. To further limit the potential for a DoS attack, consider tracking the rate of requests received from users and blocking requests that exceed a defined rate threshold.

Mitigation
Architecture and Design
  • Mitigation of resource exhaustion attacks requires that the target system either:
  • The first of these solutions is an issue in itself though, since it may allow attackers to prevent the use of the system by a particular valid user. If the attacker impersonates the valid user, they may be able to prevent the user from accessing the server in question.
  • The second solution is simply difficult to effectively institute -- and even when properly done, it does not provide a full solution. It simply makes the attack require more resources on the part of the attacker.
  • recognizes the attack and denies that user further access for a given amount of time, or
  • uniformly throttles all requests in order to make it more difficult to consume resources more quickly than they can again be freed.
Mitigation
Architecture and Design

Ensure that protocols have specific limits of scale placed on them.

Mitigation
Implementation

Ensure that all failures in resource allocation place the system into a safe posture.

CAPEC-147: XML Ping of the Death

An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.

CAPEC-227: Sustained Client Engagement

An adversary attempts to deny legitimate users access to a resource by continually engaging a specific resource in an attempt to keep the resource tied up as long as possible. The adversary's primary goal is not to crash or flood the target, which would alert defenders; rather it is to repeatedly perform actions or abuse algorithmic flaws such that a given resource is tied up and not available to a legitimate user. By carefully crafting a requests that keep the resource engaged through what is seemingly benign requests, legitimate users are limited or completely denied access to the resource.

CAPEC-492: Regular Expression Exponential Blowup

An adversary may execute an attack on a program that uses a poor Regular Expression(Regex) implementation by choosing input that results in an extreme situation for the Regex. A typical extreme situation operates at exponential time compared to the input size. This is due to most implementations using a Nondeterministic Finite Automaton(NFA) state machine to be built by the Regex algorithm since NFA allows backtracking and thus more complex regular expressions.