Nszetei

**Name of the Vulnerable Software and Affected Versions** github.com/crewjam/saml versions prior to 0.4.13 **Description** The issue arises from the package's use of `flate.NewReader` without limiting the size of the input. This allows a user to pass more than 1 MB of data in an HTTP request to the processing functions, which will be decompressed server-side using the Deflate algorithm. Repeating the same request multiple times can lead to a reliable crash, as the operating system kills the process due to excessive resource usage. **Recommendations** For versions prior to 0.4.13, update to version 0.4.13 to resolve the issue. As a temporary workaround, consider limiting the size of HTTP requests to prevent excessive decompression. Restrict access to the `flate.NewReader` function until a patch is available. Avoid using the Deflate algorithm for decompressing large inputs in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** JerryScript version 2.2.0 **Description** An issue was discovered in ecma/operations/ecma-container-object.c where operations with key/value pairs did not consider the case where garbage collection is triggered after the key operation but before the value operation. This is demonstrated by improper read access to memory in ecma gc set object visited in ecma/base/ecma-gc.c. **Recommendations** For JerryScript version 2.2.0, as a temporary workaround, consider restricting access to the `ecma gc set object visited` function in ecma/base/ecma-gc.c until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JerryScript version 2.2.0 **Description** The issue arises from the mishandling of errors during certain out-of-memory conditions in the `parser/js/js-scanner.c` file. This can lead to a `scanner reverse info list` NULL pointer dereference and a `scanner scan all` assertion failure. **Recommendations** For JerryScript version 2.2.0, consider applying a patch or fix that properly handles out-of-memory conditions to prevent NULL pointer dereferences and assertion failures. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JerryScript version 2.2.0 **Description** The issue allows attackers to cause a denial of service, specifically an assertion failure, due to a property key query for a Proxy object returning unintended data. **Recommendations** For JerryScript version 2.2.0, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** JerryScript version 2.2.0 **Description** The issue allows attackers to cause a denial of service, specifically through stack consumption, by performing a proxy operation. **Recommendations** For JerryScript version 2.2.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.