PawelMurdzek

2 exploits Active since Jun 2024
CVE-2024-47554 GITHUB MEDIUM javascript WORKING POC
Apache Commons IO <2.14.0 - DoS
Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.
CVSS 4.3
CVE-2024-38355 NOMISEC HIGH WORKING POC
Socket.IO <4.6.2 - DoS
Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. This issue is fixed by commit `15af22fc22` which has been included in `[email protected]` (released in May 2023). The fix was backported in the 2.x branch as well with commit `d30630ba10`. Users are advised to upgrade. Users unable to upgrade may attach a listener for the "error" event to catch these errors.
CVSS 7.3