VYPR

CWE-1050

Excessive Platform Resource Consumption within a Loop

BaseIncomplete

Description

The product has a loop body or loop condition that contains a control element that directly or indirectly consumes platform resources, e.g. messaging, sessions, locks, or file descriptors.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (5)

  • CVE-2026-4634HigApr 2, 2026
    risk 0.42cvss 7.5epss 0.01

    A flaw was found in Keycloak. An unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with an excessively long scope parameter to the OpenID Connect (OIDC) token endpoint. This leads to high resource consumption and prolonged…

  • CVE-2025-32907MedApr 14, 2025
    risk 0.34cvss 5.3epss 0.01

    A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does…

  • CVE-2025-67419Jan 5, 2026
    risk 0.00cvss epss 0.00

    A Denial of Service (DoS) vulnerability in evershop 2.1.0 and prior allows unauthenticated attackers to exhaust the application server's resources via the "GET /images" API. The application fails to limit the height of the use-element shadow tree or the dimensions of pattern…

  • CVE-2024-4068May 13, 2024
    risk 0.00cvss epss 0.01

    The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In `lib/parse.js,` if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program…

  • CVE-2019-11254Apr 1, 2020
    risk 0.00cvss epss 0.02

    The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML.