CWE-1284
AllowedImproper Validation of Specified Quantity in Input
Abstraction: Base · Status: Incomplete
The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.
500 vulnerabilities reference this CWE, most recent first.
GHSA-78VR-Q6CF-C7P6
Vulnerability from github – Published: 2026-06-19 21:15 – Updated: 2026-06-19 21:15Summary
The Order::setPaymentAmount() method accepts any float value without enforcing a minimum positive amount. The PaymentsController casts the user-supplied 'paymentAmount' parameter directly to float with no lower-bound check.
Details
When the store has 'Allow Partial Payment on Checkout' enabled, a user can submit a payment amount of $0.00 or even a negative value, potentially marking orders as paid without a valid transaction.
PoC
Complete instructions, including specific configuration details, to reproduce the vulnerability.
Impact
On stores with partial payment enabled, a customer may be able to set an arbitrarily small payment amount. Gateway behavior varies — some will process $0.00 transactions, effectively giving free order fulfillment.
Remediation
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 5.6.4"
},
"package": {
"ecosystem": "Packagist",
"name": "craftcms/commerce"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.6.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.11.1"
},
"package": {
"ecosystem": "Packagist",
"name": "craftcms/commerce"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.11.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-1284",
"CWE-20"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-19T21:15:23Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Summary\n\nThe `Order::setPaymentAmount()` method accepts any float value without enforcing a minimum positive amount. The PaymentsController casts the user-supplied \u0027paymentAmount\u0027 parameter directly to float with no lower-bound check. \n\n### Details\n\nWhen the store has \u0027Allow Partial Payment on Checkout\u0027 enabled, a user can submit a payment amount of $0.00 or even a negative value, potentially marking orders as paid without a valid transaction.\n\n\u003cimg width=\"690\" height=\"80\" alt=\"image\" src=\"https://github.com/user-attachments/assets/78b653a6-ccae-4ce4-b71b-fc38a7757d73\" /\u003e\n\n\u003cimg width=\"761\" height=\"200\" alt=\"image\" src=\"https://github.com/user-attachments/assets/665a235f-62c2-45fe-aa41-c3f266881c77\" /\u003e\n\n### PoC\n\n_Complete instructions, including specific configuration details, to reproduce the vulnerability._\n\u003cimg width=\"606\" height=\"144\" alt=\"image\" src=\"https://github.com/user-attachments/assets/a04a6de2-7c5f-4837-aed6-58756e246b80\" /\u003e\n\n\n### Impact\nOn stores with partial payment enabled, a customer may be able to set an arbitrarily small payment amount. Gateway behavior varies \u2014 some will process $0.00 transactions, effectively giving free order fulfillment.\n\n**Remediation**\n\n\u003cimg width=\"718\" height=\"98\" alt=\"image\" src=\"https://github.com/user-attachments/assets/aa64b696-9749-45e4-97f6-8d7299cdf1d6\" /\u003e",
"id": "GHSA-78vr-q6cf-c7p6",
"modified": "2026-06-19T21:15:23Z",
"published": "2026-06-19T21:15:23Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/craftcms/commerce/security/advisories/GHSA-78vr-q6cf-c7p6"
},
{
"type": "WEB",
"url": "https://github.com/craftcms/commerce/commit/9a88392b3074aa132a9455d4f4b582411df52c74"
},
{
"type": "PACKAGE",
"url": "https://github.com/craftcms/commerce"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Craft Commerce: Partial Payment Amount Without Lower Bound Validation"
}
GHSA-797V-2V4C-3XVX
Vulnerability from github – Published: 2026-05-04 15:31 – Updated: 2026-06-30 03:36An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXConverter.cpp and ConvertMeshMultiMaterial() method
{
"affected": [],
"aliases": [
"CVE-2025-70069"
],
"database_specific": {
"cwe_ids": [
"CWE-1284",
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-04T14:16:29Z",
"severity": "HIGH"
},
"details": "An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXConverter.cpp and ConvertMeshMultiMaterial() method",
"id": "GHSA-797v-2v4c-3xvx",
"modified": "2026-06-30T03:36:29Z",
"published": "2026-05-04T15:31:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70069"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-70069"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2465306"
},
{
"type": "WEB",
"url": "https://gist.github.com/GunP4ng/9080ae7f0470c889a59cc3bfca445223"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-70069.json"
},
{
"type": "WEB",
"url": "http://assimp.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7CGG-8926-325V
Vulnerability from github – Published: 2022-02-15 00:02 – Updated: 2023-07-21 18:30The Popup | Custom Popup Builder WordPress plugin before 1.3.1 autoload data from its popup on every pages, as such data can be sent by unauthenticated user, and is not validated in length, this could cause a denial of service on the blog
{
"affected": [],
"aliases": [
"CVE-2022-0214"
],
"database_specific": {
"cwe_ids": [
"CWE-1284",
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-14T12:15:00Z",
"severity": "HIGH"
},
"details": "The Popup | Custom Popup Builder WordPress plugin before 1.3.1 autoload data from its popup on every pages, as such data can be sent by unauthenticated user, and is not validated in length, this could cause a denial of service on the blog",
"id": "GHSA-7cgg-8926-325v",
"modified": "2023-07-21T18:30:33Z",
"published": "2022-02-15T00:02:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0214"
},
{
"type": "WEB",
"url": "https://wpscan.com/vulnerability/ca2e8feb-15d6-4965-ad9c-8da1bc01e0f4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7CQ3-5G9G-7W8Q
Vulnerability from github – Published: 2026-06-15 21:30 – Updated: 2026-06-15 21:30Unauthenticated Other Vulnerability Type in WP Travel Engine <= 6.7.10 versions.
{
"affected": [],
"aliases": [
"CVE-2026-49078"
],
"database_specific": {
"cwe_ids": [
"CWE-1284"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-15T21:17:19Z",
"severity": "HIGH"
},
"details": "Unauthenticated Other Vulnerability Type in WP Travel Engine \u003c= 6.7.10 versions.",
"id": "GHSA-7cq3-5g9g-7w8q",
"modified": "2026-06-15T21:30:49Z",
"published": "2026-06-15T21:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-49078"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/wp-travel-engine/vulnerability/wordpress-wp-travel-engine-plugin-6-7-10-other-vulnerability-type-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-7FHF-99F5-2645
Vulnerability from github – Published: 2025-01-06 06:30 – Updated: 2025-01-06 15:30In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01231341 / MOLY01263331 / MOLY01233835; Issue ID: MSV-2165.
{
"affected": [],
"aliases": [
"CVE-2024-20149"
],
"database_specific": {
"cwe_ids": [
"CWE-1284"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-06T04:15:07Z",
"severity": "HIGH"
},
"details": "In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01231341 / MOLY01263331 / MOLY01233835; Issue ID: MSV-2165.",
"id": "GHSA-7fhf-99f5-2645",
"modified": "2025-01-06T15:30:59Z",
"published": "2025-01-06T06:30:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20149"
},
{
"type": "WEB",
"url": "https://corp.mediatek.com/product-security-bulletin/January-2025"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7GHQ-FVR3-PJ2X
Vulnerability from github – Published: 2021-08-25 14:41 – Updated: 2024-11-13 21:12Impact
An attacker can trigger a denial of service via a segmentation fault in tf.raw_ops.MaxPoolGrad caused by missing validation:
import tensorflow as tf
tf.raw_ops.MaxPoolGrad(
orig_input = tf.constant([], shape=[3, 0, 0, 2], dtype=tf.float32),
orig_output = tf.constant([], shape=[3, 0, 0, 2], dtype=tf.float32),
grad = tf.constant([], shape=[3, 0, 0, 2], dtype=tf.float32),
ksize = [1, 16, 16, 1],
strides = [1, 16, 18, 1],
padding = "EXPLICIT",
explicit_paddings = [0, 0, 14, 3, 15, 5, 0, 0])
The implementation misses some validation for the orig_input and orig_output tensors.
The fixes for CVE-2021-29579 were incomplete.
Patches
We have patched the issue in GitHub commit 136b51f10903e044308cf77117c0ed9871350475.
The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Yakun Zhang of Baidu Security.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.5.0"
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.5.0"
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.5.0"
]
}
],
"aliases": [
"CVE-2021-37674"
],
"database_specific": {
"cwe_ids": [
"CWE-1284",
"CWE-20"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-24T15:39:22Z",
"nvd_published_at": "2021-08-12T23:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\nAn attacker can trigger a denial of service via a segmentation fault in `tf.raw_ops.MaxPoolGrad` caused by missing validation:\n\n```python\nimport tensorflow as tf\n \ntf.raw_ops.MaxPoolGrad(\n orig_input = tf.constant([], shape=[3, 0, 0, 2], dtype=tf.float32),\n orig_output = tf.constant([], shape=[3, 0, 0, 2], dtype=tf.float32),\n grad = tf.constant([], shape=[3, 0, 0, 2], dtype=tf.float32),\n ksize = [1, 16, 16, 1],\n strides = [1, 16, 18, 1],\n padding = \"EXPLICIT\",\n explicit_paddings = [0, 0, 14, 3, 15, 5, 0, 0])\n```\n \nThe [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/maxpooling_op.cc) misses some validation for the `orig_input` and `orig_output` tensors.\n\nThe fixes for [CVE-2021-29579](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-068.md) were incomplete.\n \n### Patches\nWe have patched the issue in GitHub commit [136b51f10903e044308cf77117c0ed9871350475](https://github.com/tensorflow/tensorflow/commit/136b51f10903e044308cf77117c0ed9871350475).\n\nThe fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by Yakun Zhang of Baidu Security.",
"id": "GHSA-7ghq-fvr3-pj2x",
"modified": "2024-11-13T21:12:32Z",
"published": "2021-08-25T14:41:33Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7ghq-fvr3-pj2x"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37674"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/136b51f10903e044308cf77117c0ed9871350475"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-587.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-785.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-296.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-068.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Incomplete validation in `MaxPoolGrad`"
}
GHSA-7H4P-27MH-HMRW
Vulnerability from github – Published: 2023-11-03 06:36 – Updated: 2025-11-04 19:43In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "Django"
},
"ranges": [
{
"events": [
{
"introduced": "3.2"
},
{
"fixed": "3.2.21"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "Django"
},
"ranges": [
{
"events": [
{
"introduced": "4.1"
},
{
"fixed": "4.1.11"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "Django"
},
"ranges": [
{
"events": [
{
"introduced": "4.2"
},
{
"fixed": "4.2.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-41164"
],
"database_specific": {
"cwe_ids": [
"CWE-1284",
"CWE-400"
],
"github_reviewed": true,
"github_reviewed_at": "2023-11-03T19:32:41Z",
"nvd_published_at": "2023-11-03T05:15:29Z",
"severity": "MODERATE"
},
"details": "In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.",
"id": "GHSA-7h4p-27mh-hmrw",
"modified": "2025-11-04T19:43:27Z",
"published": "2023-11-03T06:36:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41164"
},
{
"type": "WEB",
"url": "https://github.com/django/django/commit/6f030b1149bd8fa4ba90452e77cb3edc095ce54e"
},
{
"type": "WEB",
"url": "https://github.com/django/django/commit/9c51b4dcfa0cefcb48231f4d71cafa80821f87b9"
},
{
"type": "WEB",
"url": "https://github.com/django/django/commit/ba00bc5ec6a7eff5e08be438f7b5b0e9574e8ff0"
},
{
"type": "WEB",
"url": "https://docs.djangoproject.com/en/4.2/releases/security"
},
{
"type": "PACKAGE",
"url": "https://github.com/django/django"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-225.yaml"
},
{
"type": "WEB",
"url": "https://groups.google.com/forum/#!forum/django-announce"
},
{
"type": "WEB",
"url": "https://groups.google.com/forum/#%21forum/django-announce"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20231214-0002"
},
{
"type": "WEB",
"url": "https://www.djangoproject.com/weblog/2023/sep/04/security-releases"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Django Denial of service vulnerability in django.utils.encoding.uri_to_iri"
}
GHSA-7MPR-5M44-H73R
Vulnerability from github – Published: 2025-04-27 00:30 – Updated: 2025-04-28 14:34python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as in addition to
through
. This causes memory consumption.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "markdownify"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.14.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-46656"
],
"database_specific": {
"cwe_ids": [
"CWE-1284"
],
"github_reviewed": true,
"github_reviewed_at": "2025-04-28T14:34:51Z",
"nvd_published_at": "2025-04-26T22:15:17Z",
"severity": "LOW"
},
"details": "python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as \u003ch9999999\u003e in addition to \u003ch1\u003e through \u003ch6\u003e. This causes memory consumption.",
"id": "GHSA-7mpr-5m44-h73r",
"modified": "2025-04-28T14:34:51Z",
"published": "2025-04-27T00:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46656"
},
{
"type": "WEB",
"url": "https://github.com/matthewwithanm/python-markdownify/issues/143"
},
{
"type": "WEB",
"url": "https://github.com/matthewwithanm/python-markdownify/commit/959561879693bf4a576f99c6733b50b01186aa08"
},
{
"type": "PACKAGE",
"url": "https://github.com/matthewwithanm/python-markdownify"
},
{
"type": "WEB",
"url": "https://github.com/matthewwithanm/python-markdownify/compare/0.14.0...0.14.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "markdownify allows large headline prefixes such as \u003ch9999999\u003e, which causes memory consumption"
}
GHSA-7P2M-7XHQ-7V45
Vulnerability from github – Published: 2022-04-15 00:00 – Updated: 2022-04-22 00:00A heap-based buffer overflow vulnerability exists in the XWD parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2021-21943"
],
"database_specific": {
"cwe_ids": [
"CWE-122",
"CWE-1284",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-14T20:15:00Z",
"severity": "HIGH"
},
"details": "A heap-based buffer overflow vulnerability exists in the XWD parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.",
"id": "GHSA-7p2m-7xhq-7v45",
"modified": "2022-04-22T00:00:51Z",
"published": "2022-04-15T00:00:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21943"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1373"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7VX3-5MQ4-MCCG
Vulnerability from github – Published: 2025-02-12 00:32 – Updated: 2025-02-12 00:32Improper handling of invalid nested page table entries in the IOMMU may allow a privileged attacker to induce page table entry (PTE) faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest memory integrity.
{
"affected": [],
"aliases": [
"CVE-2023-20582"
],
"database_specific": {
"cwe_ids": [
"CWE-1284"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-11T22:15:26Z",
"severity": "MODERATE"
},
"details": "Improper handling of invalid nested page table entries in the IOMMU may allow a privileged attacker to induce page table entry (PTE) faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest memory integrity.",
"id": "GHSA-7vx3-5mq4-mccg",
"modified": "2025-02-12T00:32:16Z",
"published": "2025-02-12T00:32:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20582"
},
{
"type": "WEB",
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3009.html"
},
{
"type": "WEB",
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
No CAPEC attack patterns related to this CWE.