Medium
CVSS: 6.5
This vulnerability allows any authenticated user to cause the server to consume very large amounts of disk space when extracting a Zip Bomb.
If user import is enabled (which is the default setting), any registered user can upload an archi…
Medium
CVSS: 4.5
IBM PowerVM Hypervisor FW1050.00 through FW1050.30 and FW1060.00 through FW1060.20 could allow a local user, under certain Linux processor combability mode configurations, to cause undetected data loss or errors when performing gzip compres…
High
CVSS: 7.5
In h2oai/h2o-3 version 3.46.0.2, a vulnerability exists where uploading and repeatedly parsing a large GZIP file can cause a denial of service. The server becomes unresponsive due to memory exhaustion and a large number of concurrent slow-r…
High
CVSS: 7.5
An Out-Of-Memory (OOM) vulnerability exists in the `ollama` server version 0.3.14. This vulnerability can be triggered when a malicious API server responds with a gzip bomb HTTP response, leading to the `ollama` server crashing. The vulnera…
Medium
CVSS: 6.5
A vulnerability in the binary-husky/gpt_academic repository, as of commit git 3890467, allows an attacker to crash the server by uploading a specially crafted zip bomb. The server decompresses the uploaded file and attempts to load it into…
Medium
CVSS: 4.3
Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in Apache Seata (incubating).
This issue affects Apache Seata (incubating): through
High
CVSS: 7.5
kin-openapi is a Go project for handling OpenAPI files. Prior to 0.131.0, when validating a request with a multipart/form-data schema, if the OpenAPI schema allows it, an attacker can upload a crafted ZIP file (e.g., a ZIP bomb), causing th…