lmhunterand
A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames...
## Describe the bugs: 🐛

[lodash](https://github.com/mapbox/mapbox.js/edit/publisher-production/package-lock.json) is a modern JavaScript utility library delivering modularity, performance, & extras. Affected versions of this package are vulnerable to Prototype Pollution. The function `zipObjectDeep`...
Requesting a patch/fixed issue vulnerabilities as **pull-request** 🐛 in [#1365](https://github.com/mapbox/mapbox.js/pull/1365)

Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language...
## Changes:

An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. An attacker would use this flaw to cause a denial of service...
## Description

Summary: crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the...
## Changes:

The affected `near/core-contracts` crate of this project did not implement `Drop` when `#[zeroize(drop)]` was used on an `enum`. This can result in memory not being zeroed out after...
## Changes:

`insert_many()` overflows the buffer when an iterator yields more items than the lower bound of `size_hint()`. The problem is in line 1044. `reserve(n)` reserves capacity for `n`...
The Go version used by the project has Incorrect Privilege Reporting in syscall. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible. The `syscall.Faccessat`...
### Name

imhunterand

### Discord Username (if applicable)

Homebrew#3841

### Additional Context

request
## Description 🐛

When using rustix::fs::Dir using the linux_raw backend, it's possible for the iterator to "get stuck" when an IO error is encountered. Combined with a memory over-allocation issue...