Lemmy is a link aggregator and forum for the fediverse. Starting in version 0.17.0 and prior to version 0.19.1, users can report private messages, even when they're neither sender nor recipient of the message. The API response to creating a private message report contains the private message itself, which means any user can just iterate over message ids to (loudly) obtain all private messages of an instance. A user with instance admin privileges can also abuse this if the private message is removed from the response, as they're able to see the resulting reports.

OpenFGA, an authorization/permission engine, is vulnerable to a denial of service attack in versions prior to 1.4.3. In some scenarios that depend on the model and tuples used, a call to `ListObjects` may not release memory properly. So when a sufficiently high number of those calls are executed, the OpenFGA server can create an `out of memory` error and terminate. Version 1.4.3 contains a patch for this issue.

Vyper is a Pythonic Smart Contract Language for the EVM. There is an error in the stack management when compiling the `IR` for `sha3_64`. Concretely, the `height` variable is miscalculated. The vulnerability can't be triggered without writing the `IR` by hand (that is, it cannot be triggered from regular vyper code). `sha3_64` is used for retrieval in mappings. No flow that would cache the `key` was found so the issue shouldn't be possible to trigger when compiling the compiler-generated `IR`. This issue isn't triggered during normal compilation of vyper code so the impact is low. At the time of publication there is no patch available.