CWE-770
AllowedAllocation of Resources Without Limits or Throttling
Abstraction: Base · Status: Incomplete
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
3039 vulnerabilities reference this CWE, most recent first.
GHSA-PMPJ-JGH3-696Q
Vulnerability from github – Published: 2026-06-09 18:31 – Updated: 2026-06-16 18:32Unrestricted resource allocation in AMD uProf may be exploitable to consume excessive system resources, potentially leading to a loss of availability.
{
"affected": [],
"aliases": [
"CVE-2026-28237"
],
"database_specific": {
"cwe_ids": [
"CWE-770"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-09T18:16:37Z",
"severity": "MODERATE"
},
"details": "Unrestricted resource allocation in AMD uProf may be exploitable to consume excessive system resources, potentially leading to a loss of availability.",
"id": "GHSA-pmpj-jgh3-696q",
"modified": "2026-06-16T18:32:29Z",
"published": "2026-06-09T18:31:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28237"
},
{
"type": "WEB",
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-9025.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-PP5P-9G8Q-357J
Vulnerability from github – Published: 2022-05-13 01:14 – Updated: 2022-05-13 01:14A vulnerability in the network stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to an issue with allocating and freeing memory buffers in the network stack. An attacker could exploit this vulnerability by sending crafted TCP streams to an affected device in a sustained way. A successful exploit could cause the network stack of an affected device to run out of available buffers, impairing operations of control plane and management plane protocols, resulting in a DoS condition. Note: This vulnerability can be triggered only by traffic that is destined to an affected device and cannot be exploited using traffic that transits an affected device. Nexus 1000V Switch for Microsoft Hyper-V is affected in versions prior to 5.2(1)SM3(2.1). Nexus 1000V Switch for VMware vSphere is affected in versions prior to 5.2(1)SV3(4.1a). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I7(6) and 9.2(2). Nexus 3500 Platform Switches are affected in versions prior to 6.0(2)A8(11), 7.0(3)I7(6), and 9.2(2). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5) and 9.2(2). Nexus 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.1(5)N1(1b) and 7.3(5)N1(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22. Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5) and 9.2(2). UCS 6200 and 6300 Series Fabric Interconnect are affected in versions prior to 3.2(3j) and 4.0(2a). UCS 6400 Series Fabric Interconnect are affected in versions prior to 4.0(2a).
{
"affected": [],
"aliases": [
"CVE-2019-1599"
],
"database_specific": {
"cwe_ids": [
"CWE-770"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-03-07T20:29:00Z",
"severity": "HIGH"
},
"details": "A vulnerability in the network stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to an issue with allocating and freeing memory buffers in the network stack. An attacker could exploit this vulnerability by sending crafted TCP streams to an affected device in a sustained way. A successful exploit could cause the network stack of an affected device to run out of available buffers, impairing operations of control plane and management plane protocols, resulting in a DoS condition. Note: This vulnerability can be triggered only by traffic that is destined to an affected device and cannot be exploited using traffic that transits an affected device. Nexus 1000V Switch for Microsoft Hyper-V is affected in versions prior to 5.2(1)SM3(2.1). Nexus 1000V Switch for VMware vSphere is affected in versions prior to 5.2(1)SV3(4.1a). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I7(6) and 9.2(2). Nexus 3500 Platform Switches are affected in versions prior to 6.0(2)A8(11), 7.0(3)I7(6), and 9.2(2). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5) and 9.2(2). Nexus 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.1(5)N1(1b) and 7.3(5)N1(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22. Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5) and 9.2(2). UCS 6200 and 6300 Series Fabric Interconnect are affected in versions prior to 3.2(3j) and 4.0(2a). UCS 6400 Series Fabric Interconnect are affected in versions prior to 4.0(2a).",
"id": "GHSA-pp5p-9g8q-357j",
"modified": "2022-05-13T01:14:49Z",
"published": "2022-05-13T01:14:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1599"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-netstack"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/107342"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PP6C-GR5W-3C5G
Vulnerability from github – Published: 2026-05-06 21:56 – Updated: 2026-05-14 20:42Summary
python-multipart has a denial of service vulnerability in multipart part header parsing. When parsing multipart/form-data, MultipartParser previously had no limit on the number of part headers or the size of an individual part header. An attacker could send a request with either many repeated headers without terminating the header block or a single very large header value, causing excessive CPU work before request rejection or completion.
Impact
Applications that parse attacker-controlled multipart/form-data with affected versions of python-multipart can experience CPU exhaustion. ASGI applications using Starlette, FastAPI, or other frameworks that invoke python-multipart may have worker or event-loop delays while processing malicious upload requests.
Details
The affected parser states are HEADER_FIELD_START, HEADER_FIELD, HEADER_VALUE_START, HEADER_VALUE, and HEADER_VALUE_ALMOST_DONE. The issue can be triggered by:
- A multipart part with an oversized individual header value.
- A multipart part with many repeated header lines or an unterminated header block.
Both variants are addressed by enforcing default parser limits for maximum header count and maximum header size.
Mitigation
Upgrade to python-multipart 0.0.27 or later.
If upgrading is not immediately possible, reduce exposure by enforcing request body size limits at the server, proxy, or framework layer. This is only a mitigation; affected versions of python-multipart still parse multipart part headers without the default header count and header size limits.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "python-multipart"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.0.27"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-42561"
],
"database_specific": {
"cwe_ids": [
"CWE-770"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-06T21:56:14Z",
"nvd_published_at": "2026-05-13T21:16:47Z",
"severity": "HIGH"
},
"details": "### Summary\n\n`python-multipart` has a denial of service vulnerability in multipart part header parsing. When parsing `multipart/form-data`, `MultipartParser` previously had no limit on the number of part headers or the size of an individual part header. An attacker could send a request with either many repeated headers without terminating the header block or a single very large header value, causing excessive CPU work before request rejection or completion.\n\n### Impact\n\nApplications that parse attacker-controlled `multipart/form-data` with affected versions of `python-multipart` can experience CPU exhaustion. ASGI applications using Starlette, FastAPI, or other frameworks that invoke `python-multipart` may have worker or event-loop delays while processing malicious upload requests.\n\n### Details\n\nThe affected parser states are `HEADER_FIELD_START`, `HEADER_FIELD`, `HEADER_VALUE_START`, `HEADER_VALUE`, and `HEADER_VALUE_ALMOST_DONE`. The issue can be triggered by:\n\n- A multipart part with an oversized individual header value.\n- A multipart part with many repeated header lines or an unterminated header block.\n\nBoth variants are addressed by enforcing default parser limits for maximum header count and maximum header size.\n\n### Mitigation\n\nUpgrade to `python-multipart` `0.0.27` or later.\n\nIf upgrading is not immediately possible, reduce exposure by enforcing request body size limits at the server, proxy, or framework layer. This is only a mitigation; affected versions of `python-multipart` still parse multipart part headers without the default header count and header size limits.",
"id": "GHSA-pp6c-gr5w-3c5g",
"modified": "2026-05-14T20:42:16Z",
"published": "2026-05-06T21:56:14Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/Kludex/python-multipart/security/advisories/GHSA-pp6c-gr5w-3c5g"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42561"
},
{
"type": "PACKAGE",
"url": "https://github.com/Kludex/python-multipart"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "python-multipart has Denial of Service via unbounded multipart part headers"
}
GHSA-PP9R-XG4C-8J4X
Vulnerability from github – Published: 2026-03-19 12:44 – Updated: 2026-03-25 20:48Summary
Salvo's form data parsing implementations (form_data() method and Extractible macro) do not enforce payload size limits before reading request bodies into memory. This allows attackers to cause Out-of-Memory (OOM) conditions by sending extremely large payloads, leading to service crashes and denial of service.
Details
Vulnerability Description
Three attack vectors exist in Salvo's form handling:
- URL-encoded form data (
application/x-www-form-urlencoded) Request::form_data()callsBodyExt::collect(body)which reads the entire body into memory without size checking-
Affects handlers using
req.form_data().awaitdirectly -
Multipart form data (
multipart/form-data) - Similar unbounded memory allocation during parsing
-
Affects handlers processing multipart uploads
-
Extractible macro
#[derive(Extractible)]with#[salvo(extract(default_source(from = "body")))]internally callsform_data()- Vulnerabilities propagate to all extractors using body sources
Root Cause
The FormData::read() implementation prioritizes convenience over safety by reading entire request bodies before validation. Even when Request::payload_with_max_size() is available, it's not automatically applied in the form parsing path.
PoC
- run
Extract data from requestexample in readme.md in docker file with limited memory say 100mb. - Send
application/x-www-form-urlencodedORmultipart/form-datapayload to the endpoint. - The server process OOM-crashes, instead of returning 413 error.
Impact
Immediate Effects
- Service Unavailability: Servers crash under memory pressure
- Resource Exhaustion: Single request can consume all available memory
- Cascading Failures: In containerized environments, OOM can affect other services
Attack Characteristics
- Low Cost: Attacker needs minimal bandwidth (header only, body can be streamed)
- No Authentication: Exploitable on public endpoints
- Difficult to Rate-Limit: Traditional rate limiting may not prevent single large request
- Amplification: Small network cost → large memory consumption
Real-World Scenarios
- Public API endpoints accepting form data
- User registration/profile update handlers
- File upload endpoints using multipart forms
- Any endpoint using
#[derive(Extractible)]with body sources
Suggestion: Make Multipart File Upload Handling Explicit Opt-In
Problem Statement
Currently, Salvo's multipart form data parsing automatically handles file uploads without explicit developer intent. This creates several security and usability concerns:
- Unintended File Storage: Developers may unknowingly accept file uploads when they only intended to handle text fields
- Disk Space Exhaustion: Automatic file buffering to disk can fill storage without proper limits
- Resource Cleanup: Temporary files may not be properly cleaned up if handlers don't expect them
- Attack Surface: Endpoints inadvertently become file upload targets
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "salvo"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.89.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-33241"
],
"database_specific": {
"cwe_ids": [
"CWE-770"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-19T12:44:56Z",
"nvd_published_at": "2026-03-24T00:16:29Z",
"severity": "HIGH"
},
"details": "## Summary\nSalvo\u0027s form data parsing implementations (`form_data()` method and `Extractible` macro) do not enforce payload size limits before reading request bodies into memory. This allows attackers to cause Out-of-Memory (OOM) conditions by sending extremely large payloads, leading to service crashes and denial of service.\n\n## Details\n### Vulnerability Description\nThree attack vectors exist in Salvo\u0027s form handling:\n\n1. **URL-encoded form data** (`application/x-www-form-urlencoded`)\n - `Request::form_data()` calls `BodyExt::collect(body)` which reads the entire body into memory without size checking\n - Affects handlers using `req.form_data().await` directly\n\n2. **Multipart form data** (`multipart/form-data`)\n - Similar unbounded memory allocation during parsing\n - Affects handlers processing multipart uploads\n\n3. **Extractible macro**\n - `#[derive(Extractible)]` with `#[salvo(extract(default_source(from = \"body\")))]` internally calls `form_data()`\n - Vulnerabilities propagate to all extractors using body sources\n\n### Root Cause\nThe `FormData::read()` implementation prioritizes convenience over safety by reading entire request bodies before validation. Even when `Request::payload_with_max_size()` is available, it\u0027s not automatically applied in the form parsing path.\n\n### PoC\n1. run `Extract data from request` example in readme.md in docker file with limited memory say 100mb.\n2. Send `application/x-www-form-urlencoded` OR `multipart/form-data` payload to the endpoint.\n3. The server process OOM-crashes, instead of returning 413 error.\n\n\n## Impact\n### Immediate Effects\n- **Service Unavailability**: Servers crash under memory pressure\n- **Resource Exhaustion**: Single request can consume all available memory\n- **Cascading Failures**: In containerized environments, OOM can affect other services\n\n### Attack Characteristics\n- **Low Cost**: Attacker needs minimal bandwidth (header only, body can be streamed)\n- **No Authentication**: Exploitable on public endpoints\n- **Difficult to Rate-Limit**: Traditional rate limiting may not prevent single large request\n- **Amplification**: Small network cost \u2192 large memory consumption\n\n### Real-World Scenarios\n1. Public API endpoints accepting form data\n2. User registration/profile update handlers\n3. File upload endpoints using multipart forms\n4. Any endpoint using `#[derive(Extractible)]` with body sources\n\n## Suggestion: Make Multipart File Upload Handling Explicit Opt-In\n\n### Problem Statement\n\nCurrently, Salvo\u0027s multipart form data parsing automatically handles file uploads without explicit developer intent. This creates several security and usability concerns:\n\n1. **Unintended File Storage**: Developers may unknowingly accept file uploads when they only intended to handle text fields\n2. **Disk Space Exhaustion**: Automatic file buffering to disk can fill storage without proper limits\n3. **Resource Cleanup**: Temporary files may not be properly cleaned up if handlers don\u0027t expect them\n4. **Attack Surface**: Endpoints inadvertently become file upload targets",
"id": "GHSA-pp9r-xg4c-8j4x",
"modified": "2026-03-25T20:48:57Z",
"published": "2026-03-19T12:44:56Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/salvo-rs/salvo/security/advisories/GHSA-pp9r-xg4c-8j4x"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33241"
},
{
"type": "PACKAGE",
"url": "https://github.com/salvo-rs/salvo"
},
{
"type": "WEB",
"url": "https://github.com/salvo-rs/salvo/releases/tag/v0.89.3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Salvo Affected by Denial of Service via Unbounded Memory Allocation in Form Data Parsing"
}
GHSA-PPFP-WFPF-4F6C
Vulnerability from github – Published: 2022-05-24 17:48 – Updated: 2022-08-06 00:00A vulnerability due to the improper handling of direct memory access (DMA) buffers on EX4300 switches on Juniper Networks Junos OS allows an attacker sending specific unicast frames to trigger a Denial of Service (DoS) condition by exhausting DMA buffers, causing the FPC to crash and the device to restart. The DMA buffer leak is seen when receiving these specific, valid unicast frames on an interface without Layer 2 Protocol Tunneling (L2PT) or dot1x configured. Interfaces with either L2PT or dot1x configured are not vulnerable to this issue. When this issue occurs, DMA buffer usage keeps increasing and the following error log messages may be observed: Apr 14 14:29:34.360 /kernel: pid 64476 (pfex_junos), uid 0: exited on signal 11 (core dumped) Apr 14 14:29:33.790 init: pfe-manager (PID 64476) terminated by signal number 11. Core dumped! The DMA buffers on the FPC can be monitored by the executing vty command 'show heap': ID Base Total(b) Free(b) Used(b) % Name -- ---------- ----------- ----------- ----------- --- ----------- 0 4a46000 268435456 238230496 30204960 11 Kernel 1 18a46000 67108864 17618536 49490328 73 Bcm_sdk 2 23737000 117440512 18414552 99025960 84 DMA buf <<<<< keeps increasing 3 2a737000 16777216 16777216 0 0 DMA desc This issue affects Juniper Networks Junos OS on the EX4300: 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S13, 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R2-S8, 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S7, 18.4R3-S7; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R2-S3, 19.4R3-S1; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2-S1, 20.2R3; 20.3 versions prior to 20.3R1-S1, 20.3R2.
{
"affected": [],
"aliases": [
"CVE-2021-0242"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-770"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-22T20:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability due to the improper handling of direct memory access (DMA) buffers on EX4300 switches on Juniper Networks Junos OS allows an attacker sending specific unicast frames to trigger a Denial of Service (DoS) condition by exhausting DMA buffers, causing the FPC to crash and the device to restart. The DMA buffer leak is seen when receiving these specific, valid unicast frames on an interface without Layer 2 Protocol Tunneling (L2PT) or dot1x configured. Interfaces with either L2PT or dot1x configured are not vulnerable to this issue. When this issue occurs, DMA buffer usage keeps increasing and the following error log messages may be observed: Apr 14 14:29:34.360 /kernel: pid 64476 (pfex_junos), uid 0: exited on signal 11 (core dumped) Apr 14 14:29:33.790 init: pfe-manager (PID 64476) terminated by signal number 11. Core dumped! The DMA buffers on the FPC can be monitored by the executing vty command \u0027show heap\u0027: ID Base Total(b) Free(b) Used(b) % Name -- ---------- ----------- ----------- ----------- --- ----------- 0 4a46000 268435456 238230496 30204960 11 Kernel 1 18a46000 67108864 17618536 49490328 73 Bcm_sdk 2 23737000 117440512 18414552 99025960 84 DMA buf \u003c\u003c\u003c\u003c\u003c keeps increasing 3 2a737000 16777216 16777216 0 0 DMA desc This issue affects Juniper Networks Junos OS on the EX4300: 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S13, 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R2-S8, 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S7, 18.4R3-S7; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R2-S3, 19.4R3-S1; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2-S1, 20.2R3; 20.3 versions prior to 20.3R1-S1, 20.3R2.",
"id": "GHSA-ppfp-wfpf-4f6c",
"modified": "2022-08-06T00:00:42Z",
"published": "2022-05-24T17:48:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0242"
},
{
"type": "WEB",
"url": "https://kb.juniper.net/JSA11135"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PPHV-GW4R-GWW8
Vulnerability from github – Published: 2022-07-08 00:00 – Updated: 2024-03-27 15:30curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.
{
"affected": [],
"aliases": [
"CVE-2022-32206"
],
"database_specific": {
"cwe_ids": [
"CWE-770"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-07T13:15:00Z",
"severity": "MODERATE"
},
"details": "curl \u003c 7.84.0 supports \"chained\" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable \"links\" in this \"decompression chain\" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a \"malloc bomb\", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.",
"id": "GHSA-pphv-gw4r-gww8",
"modified": "2024-03-27T15:30:36Z",
"published": "2022-07-08T00:00:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32206"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/1570651"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220915-0003"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213488"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2023/02/15/3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PPW6-G989-268J
Vulnerability from github – Published: 2025-01-21 21:30 – Updated: 2025-11-03 21:32Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
{
"affected": [],
"aliases": [
"CVE-2025-21529"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-770"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-21T21:15:18Z",
"severity": "MODERATE"
},
"details": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).",
"id": "GHSA-ppw6-g989-268j",
"modified": "2025-11-03T21:32:20Z",
"published": "2025-01-21T21:30:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21529"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20250131-0004"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2025.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PQ5C-RJHQ-QP7P
Vulnerability from github – Published: 2026-04-03 21:51 – Updated: 2026-07-17 16:18Summary
The VideoMediaIO.load_base64() method at vllm/multimodal/media/video.py:51-62 splits video/jpeg data URLs by comma to extract individual JPEG frames, but does not enforce a frame count limit. The num_frames parameter (default: 32), which is enforced by the load_bytes() code path at line 47-48, is completely bypassed in the video/jpeg base64 path. An attacker can send a single API request containing thousands of comma-separated base64-encoded JPEG frames, causing the server to decode all frames into memory and crash with OOM.
Details
Vulnerable code
# video.py:51-62
def load_base64(self, media_type: str, data: str) -> tuple[npt.NDArray, dict[str, Any]]:
if media_type.lower() == "video/jpeg":
load_frame = partial(self.image_io.load_base64, "image/jpeg")
return np.stack(
[np.asarray(load_frame(frame_data)) for frame_data in data.split(",")]
# ^^^^^^^^^^
# Unbounded split — no frame count limit
), {}
return self.load_bytes(base64.b64decode(data))
The load_bytes() path (line 47-48) properly delegates to a video loader that respects self.num_frames (default 32). The load_base64("video/jpeg", ...) path bypasses this limit entirely — data.split(",") produces an unbounded list and every frame is decoded into a numpy array.
video/jpeg is part of vLLM's public API
video/jpeg is a vLLM-specific MIME type, not IANA-registered. However it is part of the public API surface:
encode_video_url()atvllm/multimodal/utils.py:96-108generatesdata:video/jpeg;base64,...URLs- Official test suites at
tests/entrypoints/openai/test_video.py:62andtests/entrypoints/test_chat_utils.py:153both use this format
Memory amplification
Each JPEG frame decodes to a full numpy array. For 640x480 RGB images, each frame is ~921 KB decoded. 5000 frames = ~4.6 GB. np.stack() then creates an additional copy. The compressed JPEG payload is small (~100 KB for 5000 frames) but decompresses to gigabytes.
Data flow
POST /v1/chat/completions
→ chat_utils.py:1434 video_url type → mm_parser.parse_video()
→ chat_utils.py:872 parse_video() → self._connector.fetch_video()
→ connector.py:295 fetch_video() → load_from_url(url, self.video_io)
→ connector.py:91 _load_data_url(): url_spec.path.split(",", 1)
→ media_type = "video/jpeg"
→ data = "<frame1>,<frame2>,...,<frame10000>"
→ connector.py:100 media_io.load_base64("video/jpeg", data)
→ video.py:54 data.split(",") ← UNBOUNDED
→ video.py:55-57 all frames decoded into numpy arrays
→ video.py:56 np.stack([...]) ← massive combined array → OOM
connector.py:91 uses split(",", 1) which splits on only the first comma. All remaining commas stay in data and are later split by video.py:54.
Comparison with existing protections
| Code Path | Frame Limit | File |
|---|---|---|
load_bytes() (binary video) |
Yes — num_frames (default 32) |
video.py:46-49 |
load_base64("video/jpeg", ...) |
No — unlimited data.split(",") |
video.py:51-62 |
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "vllm"
},
"ranges": [
{
"events": [
{
"introduced": "0.7.0"
},
{
"fixed": "0.19.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-34755"
],
"database_specific": {
"cwe_ids": [
"CWE-770"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-03T21:51:35Z",
"nvd_published_at": "2026-04-06T16:16:36Z",
"severity": "MODERATE"
},
"details": "## Summary\n\nThe `VideoMediaIO.load_base64()` method at `vllm/multimodal/media/video.py:51-62` splits `video/jpeg` data URLs by comma to extract individual JPEG frames, but does not enforce a frame count limit. The `num_frames` parameter (default: 32), which is enforced by the `load_bytes()` code path at line 47-48, is completely bypassed in the `video/jpeg` base64 path. An attacker can send a single API request containing thousands of comma-separated base64-encoded JPEG frames, causing the server to decode all frames into memory and crash with OOM.\n\n## Details\n\n### Vulnerable code\n\n```python\n# video.py:51-62\ndef load_base64(self, media_type: str, data: str) -\u003e tuple[npt.NDArray, dict[str, Any]]:\n if media_type.lower() == \"video/jpeg\":\n load_frame = partial(self.image_io.load_base64, \"image/jpeg\")\n return np.stack(\n [np.asarray(load_frame(frame_data)) for frame_data in data.split(\",\")]\n # ^^^^^^^^^^\n # Unbounded split \u2014 no frame count limit\n ), {}\n return self.load_bytes(base64.b64decode(data))\n```\n\nThe `load_bytes()` path (line 47-48) properly delegates to a video loader that respects `self.num_frames` (default 32). The `load_base64(\"video/jpeg\", ...)` path bypasses this limit entirely \u2014 `data.split(\",\")` produces an unbounded list and every frame is decoded into a numpy array.\n\n### video/jpeg is part of vLLM\u0027s public API\n\n`video/jpeg` is a vLLM-specific MIME type, not IANA-registered. However it is part of the public API surface:\n\n- `encode_video_url()` at `vllm/multimodal/utils.py:96-108` generates `data:video/jpeg;base64,...` URLs\n- Official test suites at `tests/entrypoints/openai/test_video.py:62` and `tests/entrypoints/test_chat_utils.py:153` both use this format\n\n### Memory amplification\n\nEach JPEG frame decodes to a full numpy array. For 640x480 RGB images, each frame is ~921 KB decoded. 5000 frames = ~4.6 GB. `np.stack()` then creates an additional copy. The compressed JPEG payload is small (~100 KB for 5000 frames) but decompresses to gigabytes.\n\n### Data flow\n\n```\nPOST /v1/chat/completions\n \u2192 chat_utils.py:1434 video_url type \u2192 mm_parser.parse_video()\n \u2192 chat_utils.py:872 parse_video() \u2192 self._connector.fetch_video()\n \u2192 connector.py:295 fetch_video() \u2192 load_from_url(url, self.video_io)\n \u2192 connector.py:91 _load_data_url(): url_spec.path.split(\",\", 1)\n \u2192 media_type = \"video/jpeg\"\n \u2192 data = \"\u003cframe1\u003e,\u003cframe2\u003e,...,\u003cframe10000\u003e\"\n \u2192 connector.py:100 media_io.load_base64(\"video/jpeg\", data)\n \u2192 video.py:54 data.split(\",\") \u2190 UNBOUNDED\n \u2192 video.py:55-57 all frames decoded into numpy arrays\n \u2192 video.py:56 np.stack([...]) \u2190 massive combined array \u2192 OOM\n```\n\n`connector.py:91` uses `split(\",\", 1)` which splits on only the first comma. All remaining commas stay in `data` and are later split by `video.py:54`.\n\n### Comparison with existing protections\n\n| Code Path | Frame Limit | File |\n|-----------|-------------|------|\n| `load_bytes()` (binary video) | Yes \u2014 `num_frames` (default 32) | video.py:46-49 |\n| `load_base64(\"video/jpeg\", ...)` | No \u2014 unlimited `data.split(\",\")` | video.py:51-62 |",
"id": "GHSA-pq5c-rjhq-qp7p",
"modified": "2026-07-17T16:18:27Z",
"published": "2026-04-03T21:51:35Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-pq5c-rjhq-qp7p"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34755"
},
{
"type": "WEB",
"url": "https://github.com/vllm-project/vllm/pull/38636"
},
{
"type": "WEB",
"url": "https://github.com/vllm-project/vllm/commit/58ee61422169ce17e08248f8efa1e9df434fe395"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:36005"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:36006"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-34755"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455403"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/vllm/PYSEC-2026-144.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/vllm-project/vllm"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34755.json"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "vLLM: Denial of Service via Unbounded Frame Count in video/jpeg Base64 Processing"
}
GHSA-PQ5P-34CR-23V9
Vulnerability from github – Published: 2025-10-10 20:26 – Updated: 2025-11-03 18:31Summary Authlib’s JOSE implementation accepts unbounded JWS/JWT header and signature segments. A remote attacker can craft a token whose base64url‑encoded header or signature spans hundreds of megabytes. During verification, Authlib decodes and parses the full input before it is rejected, driving CPU and memory consumption to hostile levels and enabling denial of service.
Impact
-
Attack vector: unauthenticated network attacker submits a malicious JWS/JWT.
-
Effect: base64 decode + JSON/crypto processing of huge buffers pegs CPU and allocates large amounts of RAM; a single request can exhaust service capacity.
-
Observed behaviour: on a test host, the legacy code verified a 500 MB header, consuming ~4 GB RSS and ~9 s CPU before failing.
-
Severity: High. CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (7.5).
Affected Versions Authlib ≤ 1.6.3 (and earlier) when verifying JWS/JWT tokens. Later snapshots with 256 KB header/signature limits are not affected.
Proof of concept
Local demo (do not run against third-party systems): Download jws_segment_dos_demo.py the PoC in direcotry authlib/ Run following Command
python3 jws_segment_dos_demo.py --variant both --sizes "500MB" --fork-per-case
Environment: Python 3.13.6, Authlib 1.6.4, Linux x86_64, CPUs=8
Sample output: Refined
The compilation script prints separate “[ATTACKER]” (token construction) and “[SERVER]” (Authlib verification) RSS deltas so defenders can distinguish client-side preparation from server-side amplification. Regression tests authlib/tests/dos/test_jose_dos.py further capture the issue; the saved original_util.py/original_jws.py reproductions still accept the malicious payload.
Remediation
-
Apply the upstream patch that introduces decoded size limits:
-
MAX_HEADER_SEGMENT_BYTES = 256 KB
-
MAX_SIGNATURE_SEGMENT_BYTES = 256 KB
-
Enforce Limits in authlib/jose/util.extract_segment and _extract_signature.
-
Deploy the patched release immediately.
-
For additional defence in depth, reject JWS/JWT inputs above a few kilobytes at the proxy or WAF layer, and rate-limit verification endpoints.
Workarounds (temporary)
-
Enforce input size limits before handing tokens to Authlib.
-
Use application-level throttling to reduce amplification risk.
Resources
-
Demo script: jws_segment_dos_demo.py
-
Tests: authlib/tests/dos/test_jose_dos.py
-
OWASP JWT Cheat Sheet (DoS guidance)
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "authlib"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-61920"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-400",
"CWE-770"
],
"github_reviewed": true,
"github_reviewed_at": "2025-10-10T20:26:43Z",
"nvd_published_at": "2025-10-10T20:15:37Z",
"severity": "HIGH"
},
"details": "**Summary**\nAuthlib\u2019s JOSE implementation accepts unbounded JWS/JWT header and signature segments. A remote attacker can craft a token whose base64url\u2011encoded header or signature spans hundreds of megabytes. During verification, Authlib decodes and parses the full input before it is rejected, driving CPU and memory consumption to hostile levels and enabling denial of service.\n\n**Impact**\n\n- Attack vector: unauthenticated network attacker submits a malicious JWS/JWT.\n\n- Effect: base64 decode + JSON/crypto processing of huge buffers pegs CPU and allocates large amounts of RAM; a single request can exhaust service capacity.\n\n- Observed behaviour: on a test host, the legacy code verified a 500\u202fMB header, consuming ~4\u202fGB RSS and ~9\u202fs CPU before failing.\n\n- Severity: High. CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (7.5).\n\nAffected Versions\nAuthlib \u2264\u202f1.6.3 (and earlier) when verifying JWS/JWT tokens. Later snapshots with 256\u202fKB header/signature limits are not affected.\n\n**Proof of concept**\n\nLocal demo (do not run against third-party systems):\nDownload [jws_segment_dos_demo.py](https://github.com/user-attachments/files/22450820/jws_segment_dos_demo.py) the PoC in direcotry authlib/\nRun following Command\n```\npython3 jws_segment_dos_demo.py --variant both --sizes \"500MB\" --fork-per-case\n\n```\nEnvironment: Python 3.13.6, Authlib 1.6.4, Linux x86_64, CPUs=8 \nSample output: Refined\n\u003cimg width=\"1295\" height=\"306\" alt=\"image\" src=\"https://github.com/user-attachments/assets/6dd8410f-bc36-4717-8cee-649bac9bf291\" /\u003e\n\n\n\n\nThe compilation script prints separate \u201c[ATTACKER]\u201d (token construction) and \u201c[SERVER]\u201d (Authlib verification) RSS deltas so defenders can distinguish client-side preparation from server-side amplification. Regression tests authlib/tests/dos/test_jose_dos.py further capture the issue; the saved original_util.py/original_jws.py reproductions still accept the malicious payload.\n\n**Remediation**\n\n- Apply the upstream patch that introduces decoded size limits:\n\n- MAX_HEADER_SEGMENT_BYTES = 256 KB\n\n- MAX_SIGNATURE_SEGMENT_BYTES = 256 KB\n\n- Enforce Limits in authlib/jose/util.extract_segment and _extract_signature.\n\n- Deploy the patched release immediately.\n\n- For additional defence in depth, reject JWS/JWT inputs above a few kilobytes at the proxy or WAF layer, and rate-limit verification endpoints.\n\n**Workarounds (temporary)**\n\n- Enforce input size limits before handing tokens to Authlib.\n\n- Use application-level throttling to reduce amplification risk.\n\n**Resources**\n\n- Demo script: jws_segment_dos_demo.py\n\n- Tests: authlib/tests/dos/test_jose_dos.py\n\n- OWASP JWT Cheat Sheet (DoS guidance)",
"id": "GHSA-pq5p-34cr-23v9",
"modified": "2025-11-03T18:31:46Z",
"published": "2025-10-10T20:26:43Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/authlib/authlib/security/advisories/GHSA-pq5p-34cr-23v9"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61920"
},
{
"type": "WEB",
"url": "https://github.com/authlib/authlib/commit/867e3f87b072347a1ae9cf6983cc8bbf88447e5e"
},
{
"type": "PACKAGE",
"url": "https://github.com/authlib/authlib"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00032.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Authlib is vulnerable to Denial of Service via Oversized JOSE Segments"
}
GHSA-PQ7C-X8G4-RVP6
Vulnerability from github – Published: 2026-05-18 20:22 – Updated: 2026-06-09 10:58Summary
Two FastAPI routes that serve per-component static assets in NiceGUI accept a sub-path parameter that may resolve to a directory rather than a file. Requests that resolve to a directory raise an unhandled RuntimeError inside Starlette's FileResponse, which Uvicorn writes to the server log as a full traceback. Because the routes are reachable without authentication, a remote attacker can amplify log volume and consume disk and log-pipeline capacity on any publicly reachable NiceGUI server. There is no impact to confidentiality or integrity.
Details
The affected routes are the per-component resource route (added in v1.4.6) and the ESM module route (added in v3.0.0). Both join a user-supplied path segment with a registered base directory and pass the result to FileResponse. The existing existence check uses pathlib.Path.exists(), which returns True for directories — so a request whose sub-path resolves to a directory passes the guard and triggers an unhandled exception inside Starlette.
FastAPI has no default handler for RuntimeError, so each such request results in a 500 response and a multi-frame traceback in the server log.
Other NiceGUI-served paths (/static/..., /components/..., /libraries/...) are not affected; they do not use the same sub-path-to-FileResponse pattern.
Impact
A remote, unauthenticated attacker can repeatedly trigger the error condition with crafted requests. Each request emits roughly 100 lines of traceback in a default setup, and more when additional middleware layers are present. At sustained request rates this can:
- exhaust disk space on hosts with default log retention,
- saturate downstream log-shipping pipelines,
- generate alert fatigue or mask other events in monitoring.
There is no remote code execution, no path traversal, and no data exposure beyond the absolute installation path that already appears in any uncaught exception trace.
Workarounds
For deployments that cannot upgrade immediately:
- Place NiceGUI behind a reverse proxy that rejects requests where the path after
/_nicegui/<version>/esm/<key>/or/_nicegui/<version>/resources/<key>/is empty. - Rate-limit the
/_nicegui/prefix at the proxy. - Configure log rotation aggressively for the affected service.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.11.1"
},
"package": {
"ecosystem": "PyPI",
"name": "nicegui"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.12.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-45554"
],
"database_specific": {
"cwe_ids": [
"CWE-248",
"CWE-770"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-18T20:22:07Z",
"nvd_published_at": "2026-06-02T16:16:41Z",
"severity": "MODERATE"
},
"details": "### Summary\n\nTwo FastAPI routes that serve per-component static assets in NiceGUI accept a sub-path parameter that may resolve to a directory rather than a file. Requests that resolve to a directory raise an unhandled `RuntimeError` inside Starlette\u0027s `FileResponse`, which Uvicorn writes to the server log as a full traceback. Because the routes are reachable without authentication, a remote attacker can amplify log volume and consume disk and log-pipeline capacity on any publicly reachable NiceGUI server. There is no impact to confidentiality or integrity.\n\n### Details\n\nThe affected routes are the per-component **resource** route (added in v1.4.6) and the **ESM module** route (added in v3.0.0). Both join a user-supplied path segment with a registered base directory and pass the result to `FileResponse`. The existing existence check uses `pathlib.Path.exists()`, which returns `True` for directories \u2014 so a request whose sub-path resolves to a directory passes the guard and triggers an unhandled exception inside Starlette.\n\nFastAPI has no default handler for `RuntimeError`, so each such request results in a 500 response and a multi-frame traceback in the server log.\n\nOther NiceGUI-served paths (`/static/...`, `/components/...`, `/libraries/...`) are not affected; they do not use the same sub-path-to-`FileResponse` pattern.\n\n### Impact\n\nA remote, unauthenticated attacker can repeatedly trigger the error condition with crafted requests. Each request emits roughly 100 lines of traceback in a default setup, and more when additional middleware layers are present. At sustained request rates this can:\n\n- exhaust disk space on hosts with default log retention,\n- saturate downstream log-shipping pipelines,\n- generate alert fatigue or mask other events in monitoring.\n\nThere is no remote code execution, no path traversal, and no data exposure beyond the absolute installation path that already appears in any uncaught exception trace.\n\n### Workarounds\n\nFor deployments that cannot upgrade immediately:\n\n- Place NiceGUI behind a reverse proxy that rejects requests where the path after `/_nicegui/\u003cversion\u003e/esm/\u003ckey\u003e/` or `/_nicegui/\u003cversion\u003e/resources/\u003ckey\u003e/` is empty.\n- Rate-limit the `/_nicegui/` prefix at the proxy.\n- Configure log rotation aggressively for the affected service.",
"id": "GHSA-pq7c-x8g4-rvp6",
"modified": "2026-06-09T10:58:12Z",
"published": "2026-05-18T20:22:07Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/zauberzeug/nicegui/security/advisories/GHSA-pq7c-x8g4-rvp6"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45554"
},
{
"type": "PACKAGE",
"url": "https://github.com/zauberzeug/nicegui"
},
{
"type": "WEB",
"url": "https://github.com/zauberzeug/nicegui/releases/tag/v3.12.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "NiceGUI: Unauthenticated log-volume denial of service in dynamic resource routes"
}
Mitigation
Clearly specify the minimum and maximum expectations for capabilities, and dictate which behaviors are acceptable when resource allocation reaches limits.
Mitigation
Limit the amount of resources that are accessible to unprivileged users. Set per-user limits for resources. Allow the system administrator to define these limits. Be careful to avoid CWE-410.
Mitigation
Design throttling mechanisms into the system architecture. The best protection is to limit the amount of resources that an unauthorized user can cause to be expended. A strong authentication and access control model will help prevent such attacks from occurring in the first place, and it will help the administrator to identify who is committing the abuse. The login application should be protected against DoS attacks as much as possible. Limiting the database access, perhaps by caching result sets, can help minimize the resources expended. To further limit the potential for a DoS attack, consider tracking the rate of requests received from users and blocking requests that exceed a defined rate threshold.
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
Mitigation MIT-15
For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.
Mitigation
- Mitigation of resource exhaustion attacks requires that the target system either:
- The first of these solutions is an issue in itself though, since it may allow attackers to prevent the use of the system by a particular valid user. If the attacker impersonates the valid user, they may be able to prevent the user from accessing the server in question.
- The second solution can be difficult to effectively institute -- and even when properly done, it does not provide a full solution. It simply requires more resources on the part of the attacker.
- recognizes the attack and denies that user further access for a given amount of time, typically by using increasing time delays
- uniformly throttles all requests in order to make it more difficult to consume resources more quickly than they can again be freed.
Mitigation
Ensure that protocols have specific limits of scale placed on them.
Mitigation MIT-38.1
- If the program must fail, ensure that it fails gracefully (fails closed). There may be a temptation to simply let the program fail poorly in cases such as low memory conditions, but an attacker may be able to assert control before the software has fully exited. Alternately, an uncontrolled failure could cause cascading problems with other downstream components; for example, the program could send a signal to a downstream process so the process immediately knows that a problem has occurred and has a better chance of recovery.
- Ensure that all failures in resource allocation place the system into a safe posture.
Mitigation MIT-47
Strategy: Resource Limitation
- Use quotas or other resource-limiting settings provided by the operating system or environment. For example, when managing system resources in POSIX, setrlimit() can be used to set limits for certain types of resources, and getrlimit() can determine how many resources are available. However, these functions are not available on all operating systems.
- When the current levels get close to the maximum that is defined for the application (see CWE-770), then limit the allocation of further resources to privileged users; alternately, begin releasing resources for less-privileged users. While this mitigation may protect the system from attack, it will not necessarily stop attackers from adversely impacting other users.
- Ensure that the application performs the appropriate error checks and error handling in case resources become unavailable (CWE-703).
CAPEC-125: Flooding
An adversary consumes the resources of a target by rapidly engaging in a large number of interactions with the target. This type of attack generally exposes a weakness in rate limiting or flow. When successful this attack prevents legitimate users from accessing the service and can cause the target to crash. This attack differs from resource depletion through leaks or allocations in that the latter attacks do not rely on the volume of requests made to the target but instead focus on manipulation of the target's operations. The key factor in a flooding attack is the number of requests the adversary can make in a given period of time. The greater this number, the more likely an attack is to succeed against a given target.
CAPEC-130: Excessive Allocation
An adversary causes the target to allocate excessive resources to servicing the attackers' request, thereby reducing the resources available for legitimate services and degrading or denying services. Usually, this attack focuses on memory allocation, but any finite resource on the target could be the attacked, including bandwidth, processing cycles, or other resources. This attack does not attempt to force this allocation through a large number of requests (that would be Resource Depletion through Flooding) but instead uses one or a small number of requests that are carefully formatted to force the target to allocate excessive resources to service this request(s). Often this attack takes advantage of a bug in the target to cause the target to allocate resources vastly beyond what would be needed for a normal request.
CAPEC-147: XML Ping of the Death
An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.
CAPEC-197: Exponential Data Expansion
An adversary submits data to a target application which contains nested exponential data expansion to produce excessively large output. Many data format languages allow the definition of macro-like structures that can be used to simplify the creation of complex structures. However, this capability can be abused to create excessive demands on a processor's CPU and memory. A small number of nested expansions can result in an exponential growth in demands on memory.
CAPEC-229: Serialized Data Parameter Blowup
This attack exploits certain serialized data parsers (e.g., XML, YAML, etc.) which manage data in an inefficient manner. The attacker crafts an serialized data file with multiple configuration parameters in the same dataset. In a vulnerable parser, this results in a denial of service condition where CPU resources are exhausted because of the parsing algorithm. The weakness being exploited is tied to parser implementation and not language specific.
CAPEC-230: Serialized Data with Nested Payloads
Applications often need to transform data in and out of a data format (e.g., XML and YAML) by using a parser. It may be possible for an adversary to inject data that may have an adverse effect on the parser when it is being processed. Many data format languages allow the definition of macro-like structures that can be used to simplify the creation of complex structures. By nesting these structures, causing the data to be repeatedly substituted, an adversary can cause the parser to consume more resources while processing, causing excessive memory consumption and CPU utilization.
CAPEC-231: Oversized Serialized Data Payloads
An adversary injects oversized serialized data payloads into a parser during data processing to produce adverse effects upon the parser such as exhausting system resources and arbitrary code execution.
CAPEC-469: HTTP DoS
An attacker performs flooding at the HTTP level to bring down only a particular web application rather than anything listening on a TCP/IP connection. This denial of service attack requires substantially fewer packets to be sent which makes DoS harder to detect. This is an equivalent of SYN flood in HTTP. The idea is to keep the HTTP session alive indefinitely and then repeat that hundreds of times. This attack targets resource depletion weaknesses in web server software. The web server will wait to attacker's responses on the initiated HTTP sessions while the connection threads are being exhausted.
CAPEC-482: TCP Flood
An adversary may execute a flooding attack using the TCP protocol with the intent to deny legitimate users access to a service. These attacks exploit the weakness within the TCP protocol where there is some state information for the connection the server needs to maintain. This often involves the use of TCP SYN messages.
CAPEC-486: UDP Flood
An adversary may execute a flooding attack using the UDP protocol with the intent to deny legitimate users access to a service by consuming the available network bandwidth. Additionally, firewalls often open a port for each UDP connection destined for a service with an open UDP port, meaning the firewalls in essence save the connection state thus the high packet nature of a UDP flood can also overwhelm resources allocated to the firewall. UDP attacks can also target services like DNS or VoIP which utilize these protocols. Additionally, due to the session-less nature of the UDP protocol, the source of a packet is easily spoofed making it difficult to find the source of the attack.
CAPEC-487: ICMP Flood
An adversary may execute a flooding attack using the ICMP protocol with the intent to deny legitimate users access to a service by consuming the available network bandwidth. A typical attack involves a victim server receiving ICMP packets at a high rate from a wide range of source addresses. Additionally, due to the session-less nature of the ICMP protocol, the source of a packet is easily spoofed making it difficult to find the source of the attack.
CAPEC-488: HTTP Flood
An adversary may execute a flooding attack using the HTTP protocol with the intent to deny legitimate users access to a service by consuming resources at the application layer such as web services and their infrastructure. These attacks use legitimate session-based HTTP GET requests designed to consume large amounts of a server's resources. Since these are legitimate sessions this attack is very difficult to detect.
CAPEC-489: SSL Flood
An adversary may execute a flooding attack using the SSL protocol with the intent to deny legitimate users access to a service by consuming all the available resources on the server side. These attacks take advantage of the asymmetric relationship between the processing power used by the client and the processing power used by the server to create a secure connection. In this manner the attacker can make a large number of HTTPS requests on a low provisioned machine to tie up a disproportionately large number of resources on the server. The clients then continue to keep renegotiating the SSL connection. When multiplied by a large number of attacking machines, this attack can result in a crash or loss of service to legitimate users.
CAPEC-490: Amplification
An adversary may execute an amplification where the size of a response is far greater than that of the request that generates it. The goal of this attack is to use a relatively few resources to create a large amount of traffic against a target server. To execute this attack, an adversary send a request to a 3rd party service, spoofing the source address to be that of the target server. The larger response that is generated by the 3rd party service is then sent to the target server. By sending a large number of initial requests, the adversary can generate a tremendous amount of traffic directed at the target. The greater the discrepancy in size between the initial request and the final payload delivered to the target increased the effectiveness of this attack.
CAPEC-491: Quadratic Data Expansion
An adversary exploits macro-like substitution to cause a denial of service situation due to excessive memory being allocated to fully expand the data. The result of this denial of service could cause the application to freeze or crash. This involves defining a very large entity and using it multiple times in a single entity substitution. CAPEC-197 is a similar attack pattern, but it is easier to discover and defend against. This attack pattern does not perform multi-level substitution and therefore does not obviously appear to consume extensive resources.
CAPEC-493: SOAP Array Blowup
An adversary may execute an attack on a web service that uses SOAP messages in communication. By sending a very large SOAP array declaration to the web service, the attacker forces the web service to allocate space for the array elements before they are parsed by the XML parser. The attacker message is typically small in size containing a large array declaration of say 1,000,000 elements and a couple of array elements. This attack targets exhaustion of the memory resources of the web service.
CAPEC-494: TCP Fragmentation
An adversary may execute a TCP Fragmentation attack against a target with the intention of avoiding filtering rules of network controls, by attempting to fragment the TCP packet such that the headers flag field is pushed into the second fragment which typically is not filtered.
CAPEC-495: UDP Fragmentation
An attacker may execute a UDP Fragmentation attack against a target server in an attempt to consume resources such as bandwidth and CPU. IP fragmentation occurs when an IP datagram is larger than the MTU of the route the datagram has to traverse. Typically the attacker will use large UDP packets over 1500 bytes of data which forces fragmentation as ethernet MTU is 1500 bytes. This attack is a variation on a typical UDP flood but it enables more network bandwidth to be consumed with fewer packets. Additionally it has the potential to consume server CPU resources and fill memory buffers associated with the processing and reassembling of fragmented packets.
CAPEC-496: ICMP Fragmentation
An attacker may execute a ICMP Fragmentation attack against a target with the intention of consuming resources or causing a crash. The attacker crafts a large number of identical fragmented IP packets containing a portion of a fragmented ICMP message. The attacker these sends these messages to a target host which causes the host to become non-responsive. Another vector may be sending a fragmented ICMP message to a target host with incorrect sizes in the header which causes the host to hang.
CAPEC-528: XML Flood
An adversary may execute a flooding attack using XML messages with the intent to deny legitimate users access to a web service. These attacks are accomplished by sending a large number of XML based requests and letting the service attempt to parse each one. In many cases this type of an attack will result in a XML Denial of Service (XDoS) due to an application becoming unstable, freezing, or crashing.