VYPR

PyPI package

dfir-unfurl

pkg:pypi/dfir-unfurl

Vulnerabilities (1)

  • CVE-2026-40036HigApr 8, 2026
    affected < 20260405fixed 20260405

    Unfurl before 2026.04 contains an unbounded zlib decompression vulnerability in parse_compressed.py that allows remote attackers to cause denial of service. Attackers can submit highly compressed payloads via URL parameters to the /json/visjs endpoint that expand to gigabytes, ex