Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Unfurl < 2026.04 - Denial of Service via Unbounded zlib Decompression
Vulnerability Description
Unfurl before 2026.04 contains an unbounded zlib decompression vulnerability in parse_compressed.py that allows remote attackers to cause denial of service. Attackers can submit highly compressed payloads via URL parameters to the /json/visjs endpoint that expand to gigabytes, exhausting server memory and crashing the service.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
不加限制或调节的资源分配
Vulnerability Title
Unfurl 安全漏洞
Vulnerability Description
Unfurl是Ryan Benson个人开发者的一个URL数据提取与可视化分析工具。 Unfurl 2026.04之前版本存在安全漏洞,该漏洞源于parse_compressed.py中存在无限制的zlib解压缩问题,可能导致远程攻击者通过URL参数提交高度压缩的有效载荷,耗尽服务器内存并导致服务崩溃。
CVSS Information
N/A
Vulnerability Type
N/A