Pypi · Urllib3 · CVE-2026-44432
**Name of the Vulnerable Software and Affected Versions**
urllib3 2.6.0 through the last 2.6.x release (fixed in 2.7.0)
**Description**
An issue exists in the streaming API (responses fetched with `preload_content=False`) where the library may decompress the entire HTTP response body instead of only the portion the caller requested. This occurs in two scenarios: on the second `HTTPResponse.read(amt=N)` call when the official `brotli` package is used for Brotli decompression, and when `HTTPResponse.drain_conn()` is called on a response that has already been partially read and decompressed. Because the response body is chosen by the server, a small but highly compressible body (a decompression bomb of a few kilobytes on the wire) can drive the client into excessive resource consumption: high CPU usage and memory allocations far larger than the `amt` bytes the caller asked for.
**Recommendations**
Update to urllib3 2.7.0 or later, which addresses both scenarios.
As a temporary workaround for the Brotli-specific scenario, switch from the `brotli` package to `brotlicffi` (urllib3 imports `brotlicffi` in preference to `brotli` when both are installed). This does not address the `drain_conn()` scenario.
As a temporary workaround for the `drain_conn()` scenario, call `HTTPResponse.close()` instead of `HTTPResponse.drain_conn()` when connection reuse is not required: `close()` discards the connection rather than consuming the rest of the body to return it to the pool, so the remaining compressed data is never inflated.
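The following is an added illustration written for this page; it is not urllib3's code and not the 2.7.0 fix. It reproduces the failure mode the description and the `drain_conn()` workaround refer to using the standard library's zlib instead of Brotli, so it runs offline: `read_naive` inflates a whole body to serve a small read, `BoundedStream` inflates only what was asked for, and its two drain methods contrast a drain that decompresses the remainder with one that discards it. `BoundedStream`, `compare`, and the 4 MiB sample payload are constructed for this example.

```python
import zlib

# Constructed sample payload (not from the advisory): 4 MiB of zero bytes
# compressed with zlib/deflate. It is a few KiB on the wire but inflates to
# 4 MiB, the "small amount of highly compressed data" case the advisory describes.
PLAIN_SIZE = 4 * 1024 * 1024
COMPRESSED = zlib.compress(b"\x00" * PLAIN_SIZE, 9)


def read_naive(compressed: bytes, amt: int) -> tuple[bytes, int]:
    """Failure mode: inflate the whole body, then hand back the first `amt` bytes.

    Returns (chunk, bytes_materialised). The caller asked for `amt` bytes, but
    PLAIN_SIZE bytes were allocated and CPU was spent inflating all of them.
    """
    whole = zlib.decompress(compressed)
    return whole[:amt], len(whole)


class BoundedStream:
    """Streaming reader that inflates only what the caller asks for.

    Hypothetical helper for this page, not urllib3's HTTPResponse. zlib's
    `max_length` argument caps the output of each call and parks the unprocessed
    compressed input in `unconsumed_tail`, so memory is bounded by `amt` rather
    than by the decompressed size of the body.
    """

    def __init__(self, compressed: bytes) -> None:
        self._inflater = zlib.decompressobj()
        self._pending = compressed  # compressed bytes not yet consumed by zlib
        self.materialised = 0       # total decompressed bytes produced so far

    def read(self, amt: int) -> bytes:
        out = bytearray()
        while len(out) < amt and not self._inflater.eof:
            before = len(self._pending)
            chunk = self._inflater.decompress(self._pending, amt - len(out))
            self._pending = self._inflater.unconsumed_tail
            out += chunk
            if not chunk and len(self._pending) == before:
                break  # truncated stream: no further progress is possible
        self.materialised += len(out)
        return bytes(out)

    def drain_by_inflating(self) -> int:
        """Vulnerable drain: consume the rest of the body by decompressing it.

        Returns the number of decompressed bytes produced. This is the shape of
        the drain_conn() behaviour the advisory describes: a partially read,
        partially decompressed body is inflated to completion.
        """
        produced = 0
        while not self._inflater.eof:
            chunk = self.read(64 * 1024)
            if not chunk:
                break
            produced += len(chunk)
        return produced

    def drain_discarding(self) -> int:
        """Safe drain: throw away the remaining compressed input without inflating.

        Returns the number of compressed bytes discarded. Nothing is allocated
        beyond what was already read, which is the property the
        close()-instead-of-drain_conn() workaround relies on.
        """
        discarded = len(self._pending)
        self._pending = b""
        return discarded


def compare(amt: int) -> dict:
    """Run the strategies on the sample body and report what each materialised."""
    _, naive_bytes = read_naive(COMPRESSED, amt)

    bad = BoundedStream(COMPRESSED)
    bad.read(amt)
    bad.drain_by_inflating()

    good = BoundedStream(COMPRESSED)
    good.read(amt)
    good.drain_discarding()

    return {
        "requested": amt,
        "naive_read": naive_bytes,
        "bounded_read_then_inflating_drain": bad.materialised,
        "bounded_read_then_discarding_drain": good.materialised,
    }


if __name__ == "__main__":
    print(compare(1024))
```

With urllib3 the corresponding client pattern is `pool.request(..., preload_content=False)` followed by `response.read(amt)`; on an affected 2.6.x release, finish with `response.close()` rather than `response.drain_conn()` so that the unread remainder of a compressed body is dropped along with the connection instead of being inflated to make the connection reusable.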