Mark Williams - Security Researcher - Exploit Intelligence Platform

CVE-2019-12387 WRITEUP MEDIUM WRITEUP

Twisted <19.2.1 - SSRF

In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.

CVSS 6.1

View Code

CVE-2020-1888 WRITEUP HIGH WRITEUP

HHVM <4.45.0 - DoS

Insufficient boundary checks when decoding JSON in handleBackslash reads out of bounds memory, potentially leading to DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 (inclusive), versions between 4.9.0 and 4.32.0 (inclusive), and versions prior to 4.8.7.

CVSS 7.5

View Code

CVE-2020-1892 WRITEUP HIGH WRITEUP

HHVM <4.45.0 - Memory Corruption

Insufficient boundary checks when decoding JSON in JSON_parser allows read access to out of bounds memory, potentially leading to information leak and DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 (inclusive), versions between 4.9.0 and 4.32.0 (inclusive), and versions prior to 4.8.7.

CVSS 8.1

View Code

CVE-2020-1893 WRITEUP HIGH WRITEUP

HHVM <4.45.0 - DoS

Insufficient boundary checks when decoding JSON in TryParse reads out of bounds memory, potentially leading to DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 (inclusive), versions between 4.9.0 and 4.32.0 (inclusive), and versions prior to 4.8.7.

CVSS 7.5

View Code