Common Weakness Enumeration

CWE-1284

Allowed

Improper Validation of Specified Quantity in Input

Abstraction: Base · Status: Incomplete

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

500 vulnerabilities reference this CWE, most recent first.

GHSA-78VR-Q6CF-C7P6

Vulnerability from github – Published: 2026-06-19 21:15 – Updated: 2026-06-19 21:15
VLAI
Summary
Craft Commerce: Partial Payment Amount Without Lower Bound Validation
Details

Summary

The Order::setPaymentAmount() method accepts any float value without enforcing a minimum positive amount. The PaymentsController casts the user-supplied 'paymentAmount' parameter directly to float with no lower-bound check.

Details

When the store has 'Allow Partial Payment on Checkout' enabled, a user can submit a payment amount of $0.00 or even a negative value, potentially marking orders as paid without a valid transaction.

image

image

PoC

Complete instructions, including specific configuration details, to reproduce the vulnerability. image

Impact

On stores with partial payment enabled, a customer may be able to set an arbitrarily small payment amount. Gateway behavior varies — some will process $0.00 transactions, effectively giving free order fulfillment.

Remediation

image

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 5.6.4"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "craftcms/commerce"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0.0"
            },
            {
              "fixed": "5.6.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 4.11.1"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "craftcms/commerce"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.0"
            },
            {
              "fixed": "4.11.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284",
      "CWE-20"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-19T21:15:23Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "### Summary\n\nThe `Order::setPaymentAmount()` method accepts any float value without enforcing a minimum positive amount. The PaymentsController casts the user-supplied \u0027paymentAmount\u0027 parameter directly to float with no lower-bound check. \n\n### Details\n\nWhen the store has \u0027Allow Partial Payment on Checkout\u0027 enabled, a user can submit a payment amount of $0.00 or even a negative value, potentially marking orders as paid without a valid transaction.\n\n\u003cimg width=\"690\" height=\"80\" alt=\"image\" src=\"https://github.com/user-attachments/assets/78b653a6-ccae-4ce4-b71b-fc38a7757d73\" /\u003e\n\n\u003cimg width=\"761\" height=\"200\" alt=\"image\" src=\"https://github.com/user-attachments/assets/665a235f-62c2-45fe-aa41-c3f266881c77\" /\u003e\n\n### PoC\n\n_Complete instructions, including specific configuration details, to reproduce the vulnerability._\n\u003cimg width=\"606\" height=\"144\" alt=\"image\" src=\"https://github.com/user-attachments/assets/a04a6de2-7c5f-4837-aed6-58756e246b80\" /\u003e\n\n\n### Impact\nOn stores with partial payment enabled, a customer may be able to set an arbitrarily small payment amount. Gateway behavior varies \u2014 some will process $0.00 transactions, effectively giving free order fulfillment.\n\n**Remediation**\n\n\u003cimg width=\"718\" height=\"98\" alt=\"image\" src=\"https://github.com/user-attachments/assets/aa64b696-9749-45e4-97f6-8d7299cdf1d6\" /\u003e",
  "id": "GHSA-78vr-q6cf-c7p6",
  "modified": "2026-06-19T21:15:23Z",
  "published": "2026-06-19T21:15:23Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/craftcms/commerce/security/advisories/GHSA-78vr-q6cf-c7p6"
    },
    {
      "type": "WEB",
      "url": "https://github.com/craftcms/commerce/commit/9a88392b3074aa132a9455d4f4b582411df52c74"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/craftcms/commerce"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Craft Commerce: Partial Payment Amount Without Lower Bound Validation"
}

GHSA-797V-2V4C-3XVX

Vulnerability from github – Published: 2026-05-04 15:31 – Updated: 2026-06-30 03:36
VLAI
Details

An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXConverter.cpp and ConvertMeshMultiMaterial() method

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-70069"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284",
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-04T14:16:29Z",
    "severity": "HIGH"
  },
  "details": "An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXConverter.cpp and ConvertMeshMultiMaterial() method",
  "id": "GHSA-797v-2v4c-3xvx",
  "modified": "2026-06-30T03:36:29Z",
  "published": "2026-05-04T15:31:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70069"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2025-70069"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2465306"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/GunP4ng/9080ae7f0470c889a59cc3bfca445223"
    },
    {
      "type": "WEB",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-70069.json"
    },
    {
      "type": "WEB",
      "url": "http://assimp.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7CGG-8926-325V

Vulnerability from github – Published: 2022-02-15 00:02 – Updated: 2023-07-21 18:30
VLAI
Details

The Popup | Custom Popup Builder WordPress plugin before 1.3.1 autoload data from its popup on every pages, as such data can be sent by unauthenticated user, and is not validated in length, this could cause a denial of service on the blog

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-0214"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284",
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-14T12:15:00Z",
    "severity": "HIGH"
  },
  "details": "The Popup | Custom Popup Builder WordPress plugin before 1.3.1 autoload data from its popup on every pages, as such data can be sent by unauthenticated user, and is not validated in length, this could cause a denial of service on the blog",
  "id": "GHSA-7cgg-8926-325v",
  "modified": "2023-07-21T18:30:33Z",
  "published": "2022-02-15T00:02:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0214"
    },
    {
      "type": "WEB",
      "url": "https://wpscan.com/vulnerability/ca2e8feb-15d6-4965-ad9c-8da1bc01e0f4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7CQ3-5G9G-7W8Q

Vulnerability from github – Published: 2026-06-15 21:30 – Updated: 2026-06-15 21:30
VLAI
Details

Unauthenticated Other Vulnerability Type in WP Travel Engine <= 6.7.10 versions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-49078"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-15T21:17:19Z",
    "severity": "HIGH"
  },
  "details": "Unauthenticated Other Vulnerability Type in WP Travel Engine \u003c= 6.7.10 versions.",
  "id": "GHSA-7cq3-5g9g-7w8q",
  "modified": "2026-06-15T21:30:49Z",
  "published": "2026-06-15T21:30:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-49078"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/wordpress/plugin/wp-travel-engine/vulnerability/wordpress-wp-travel-engine-plugin-6-7-10-other-vulnerability-type-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7FHF-99F5-2645

Vulnerability from github – Published: 2025-01-06 06:30 – Updated: 2025-01-06 15:30
VLAI
Details

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01231341 / MOLY01263331 / MOLY01233835; Issue ID: MSV-2165.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-20149"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-06T04:15:07Z",
    "severity": "HIGH"
  },
  "details": "In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01231341 / MOLY01263331 / MOLY01233835; Issue ID: MSV-2165.",
  "id": "GHSA-7fhf-99f5-2645",
  "modified": "2025-01-06T15:30:59Z",
  "published": "2025-01-06T06:30:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20149"
    },
    {
      "type": "WEB",
      "url": "https://corp.mediatek.com/product-security-bulletin/January-2025"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7GHQ-FVR3-PJ2X

Vulnerability from github – Published: 2021-08-25 14:41 – Updated: 2024-11-13 21:12
VLAI
Summary
Incomplete validation in `MaxPoolGrad`
Details

Impact

An attacker can trigger a denial of service via a segmentation fault in tf.raw_ops.MaxPoolGrad caused by missing validation:

import tensorflow as tf

tf.raw_ops.MaxPoolGrad(
  orig_input = tf.constant([], shape=[3, 0, 0, 2], dtype=tf.float32),
  orig_output = tf.constant([], shape=[3, 0, 0, 2], dtype=tf.float32),
  grad = tf.constant([], shape=[3, 0, 0, 2], dtype=tf.float32),
  ksize = [1, 16, 16, 1],
  strides = [1, 16, 18, 1],
  padding = "EXPLICIT",
  explicit_paddings = [0, 0, 14, 3, 15, 5, 0, 0])

The implementation misses some validation for the orig_input and orig_output tensors.

The fixes for CVE-2021-29579 were incomplete.

Patches

We have patched the issue in GitHub commit 136b51f10903e044308cf77117c0ed9871350475.

The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.

For more information

Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.

Attribution

This vulnerability has been reported by Yakun Zhang of Baidu Security.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.3.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.0"
            },
            {
              "fixed": "2.4.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.5.0"
            },
            {
              "fixed": "2.5.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.5.0"
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.3.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.0"
            },
            {
              "fixed": "2.4.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.5.0"
            },
            {
              "fixed": "2.5.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.5.0"
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.3.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.0"
            },
            {
              "fixed": "2.4.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.5.0"
            },
            {
              "fixed": "2.5.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.5.0"
      ]
    }
  ],
  "aliases": [
    "CVE-2021-37674"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284",
      "CWE-20"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-24T15:39:22Z",
    "nvd_published_at": "2021-08-12T23:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nAn attacker can trigger a denial of service via a segmentation fault in `tf.raw_ops.MaxPoolGrad` caused by missing validation:\n\n```python\nimport tensorflow as tf\n  \ntf.raw_ops.MaxPoolGrad(\n  orig_input = tf.constant([], shape=[3, 0, 0, 2], dtype=tf.float32),\n  orig_output = tf.constant([], shape=[3, 0, 0, 2], dtype=tf.float32),\n  grad = tf.constant([], shape=[3, 0, 0, 2], dtype=tf.float32),\n  ksize = [1, 16, 16, 1],\n  strides = [1, 16, 18, 1],\n  padding = \"EXPLICIT\",\n  explicit_paddings = [0, 0, 14, 3, 15, 5, 0, 0])\n```\n  \nThe [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/maxpooling_op.cc) misses some validation for the `orig_input` and `orig_output` tensors.\n\nThe fixes for [CVE-2021-29579](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-068.md) were incomplete.\n                                                                                                                                                                                                                                                                                          \n### Patches\nWe have patched the issue in GitHub commit [136b51f10903e044308cf77117c0ed9871350475](https://github.com/tensorflow/tensorflow/commit/136b51f10903e044308cf77117c0ed9871350475).\n\nThe fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by Yakun Zhang of Baidu Security.",
  "id": "GHSA-7ghq-fvr3-pj2x",
  "modified": "2024-11-13T21:12:32Z",
  "published": "2021-08-25T14:41:33Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7ghq-fvr3-pj2x"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37674"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/commit/136b51f10903e044308cf77117c0ed9871350475"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-587.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-785.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-296.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/tensorflow/tensorflow"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2021-068.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Incomplete validation in `MaxPoolGrad`"
}

GHSA-7H4P-27MH-HMRW

Vulnerability from github – Published: 2023-11-03 06:36 – Updated: 2025-11-04 19:43
VLAI
Summary
Django Denial of service vulnerability in django.utils.encoding.uri_to_iri
Details

In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "Django"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.2"
            },
            {
              "fixed": "3.2.21"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "Django"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.1"
            },
            {
              "fixed": "4.1.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "Django"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.2"
            },
            {
              "fixed": "4.2.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-41164"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284",
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-11-03T19:32:41Z",
    "nvd_published_at": "2023-11-03T05:15:29Z",
    "severity": "MODERATE"
  },
  "details": "In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.",
  "id": "GHSA-7h4p-27mh-hmrw",
  "modified": "2025-11-04T19:43:27Z",
  "published": "2023-11-03T06:36:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41164"
    },
    {
      "type": "WEB",
      "url": "https://github.com/django/django/commit/6f030b1149bd8fa4ba90452e77cb3edc095ce54e"
    },
    {
      "type": "WEB",
      "url": "https://github.com/django/django/commit/9c51b4dcfa0cefcb48231f4d71cafa80821f87b9"
    },
    {
      "type": "WEB",
      "url": "https://github.com/django/django/commit/ba00bc5ec6a7eff5e08be438f7b5b0e9574e8ff0"
    },
    {
      "type": "WEB",
      "url": "https://docs.djangoproject.com/en/4.2/releases/security"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/django/django"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-225.yaml"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/forum/#!forum/django-announce"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/forum/#%21forum/django-announce"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJFRPUHDYJHBH3KYHSPGULQM4JN7BMSU"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQJOMNRMVPCN5WMIZ7YSX5LQ7IR2NY4D"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20231214-0002"
    },
    {
      "type": "WEB",
      "url": "https://www.djangoproject.com/weblog/2023/sep/04/security-releases"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Django Denial of service vulnerability in django.utils.encoding.uri_to_iri"
}

GHSA-7MPR-5M44-H73R

Vulnerability from github – Published: 2025-04-27 00:30 – Updated: 2025-04-28 14:34
VLAI
Summary
markdownify allows large headline prefixes such as <h9999999>, which causes memory consumption
Details

python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as in addition to

through

. This causes memory consumption.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "markdownify"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.14.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-46656"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-04-28T14:34:51Z",
    "nvd_published_at": "2025-04-26T22:15:17Z",
    "severity": "LOW"
  },
  "details": "python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as \u003ch9999999\u003e in addition to \u003ch1\u003e through \u003ch6\u003e. This causes memory consumption.",
  "id": "GHSA-7mpr-5m44-h73r",
  "modified": "2025-04-28T14:34:51Z",
  "published": "2025-04-27T00:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46656"
    },
    {
      "type": "WEB",
      "url": "https://github.com/matthewwithanm/python-markdownify/issues/143"
    },
    {
      "type": "WEB",
      "url": "https://github.com/matthewwithanm/python-markdownify/commit/959561879693bf4a576f99c6733b50b01186aa08"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/matthewwithanm/python-markdownify"
    },
    {
      "type": "WEB",
      "url": "https://github.com/matthewwithanm/python-markdownify/compare/0.14.0...0.14.1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "markdownify allows large headline prefixes such as \u003ch9999999\u003e, which causes memory consumption"
}

GHSA-7P2M-7XHQ-7V45

Vulnerability from github – Published: 2022-04-15 00:00 – Updated: 2022-04-22 00:00
VLAI
Details

A heap-based buffer overflow vulnerability exists in the XWD parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-21943"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-122",
      "CWE-1284",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-14T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "A heap-based buffer overflow vulnerability exists in the XWD parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.",
  "id": "GHSA-7p2m-7xhq-7v45",
  "modified": "2022-04-22T00:00:51Z",
  "published": "2022-04-15T00:00:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21943"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1373"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7VX3-5MQ4-MCCG

Vulnerability from github – Published: 2025-02-12 00:32 – Updated: 2025-02-12 00:32
VLAI
Details

Improper handling of invalid nested page table entries in the IOMMU may allow a privileged attacker to induce page table entry (PTE) faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest memory integrity.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-20582"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-11T22:15:26Z",
    "severity": "MODERATE"
  },
  "details": "Improper handling of invalid nested page table entries in the IOMMU may allow a privileged attacker to induce page table entry (PTE) faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest memory integrity.",
  "id": "GHSA-7vx3-5mq4-mccg",
  "modified": "2025-02-12T00:32:16Z",
  "published": "2025-02-12T00:32:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20582"
    },
    {
      "type": "WEB",
      "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3009.html"
    },
    {
      "type": "WEB",
      "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-5
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.

No CAPEC attack patterns related to this CWE.