Advice
0 votes
2 replies
50 views

Running untrusted TensorFlow models and noticed this: import tensorflow as tf import time class TestLayer(tf.keras.layers.Layer): def call(self, inputs): n = tf.cast(inputs[0][0], tf....
Madhan Alagarsamy
0 votes
0 answers
57 views

I'm still learning EDIFACT. And while reviewing EDIFACT parser software, I'm wondering if it's possible, within UN/EDIFACT Syntax, to build a document that expands and blows up when parsed? Known XML ...
Georg Muehlenberg
0 votes
2 answers
802 views

I've encountered a vulnerability after running the Snyk open source security management tool and am not sure how to resolve it. I believe this is related to a library pulled in by the Android Gradle ...
VIN
  • 7,064
0 votes
0 answers
124 views

For learning purposes, I'm writing a basic network protocol over TcpStreams. In order to delimit individual messages, I was using read_until, but because the data sent can contain any bytes, this can'...
Encephala
  • 348
1 vote
1 answer
135 views

In Java, the simple way to write a TCP server is to use the ServerSocket class. When using the ServerSocket class, the server program calls the accept() method of this class to get an object of the ...
zhoudu
  • 661
0 votes
1 answer
409 views

When we send this code to fortify scan int len=inputString.length(); Pattern p= Pattern.compile("[0-9]{"+Integer.toString(len-1)+"}"); The second line is vulnerable to Denial of ...
Sri
  • 9
0 votes
0 answers
52 views

This line of code in java is reported by sonar scan as a Security hotspot risk under Denial of Service (DoS) category. name.matches("^.*[^a-zA-Z0-9 \\\\].*$") How can I fix this? Is there ...
Techie
  • 83
0 votes
0 answers
99 views

I run a p2p service (so no webserver, no load balancing with DOS functionality, etc.), which receives direct connection requests. I want to reject connections when the exact same message has been sent ...
unsafe_where_true
2 votes
2 answers
4k views

How do I improve this code? SonarQube is highlighting that the regex pattern that could become really slow and produce denial of service. Here's the code: // Single quotes // Double quotes // ...
Joe DiNottra
  • 1,083
3 votes
1 answer
923 views

Recently, vulnerability reports are accumulating against (Java) libraries that complain that the library offers a recursive function that may exhaust the available stack depth and cause a ...
haui
  • 637
1 vote
2 answers
3k views

I would like to know what am I doing wrong with this code : if self.digital: im = Image.open(os.path.join(folder, filename)) width, height = im.size image_info["width"] = round(...
Pythonmaru
0 votes
0 answers
99 views

I am using a regex pattern to validate an email. SonarQube is giving "Make sure the regex used here,which is vulnerable to polynomial runtime due to backtracking, cannot lead to denial of service&...
Sumit Kumar
-3 votes
2 answers
306 views

The gitattributes man page says: Creating an archive export-subst If the attribute export-subst is set for a file then Git will expand several placeholders when adding this file to an archive. [...] ...
figl
  • 65
1 vote
1 answer
1k views

I'm getting Checkmarx issue: The resource Parse allocated by FUNCTION_X in the file FILE at line LINE is prone to resource exhaustion when used by FUNCTION_Y in the file FILE at line LINE. I can see ...
truongln1807
0 votes
1 answer
2k views

I'm a little confused about CVE-2022-22950 and the corresponding Spring advisory. The latter says that the vulnerability can be exploited through: [...] specially crafted SpEL expression [...] ...
meeque
  • 23
