rpm package
almalinux/brotli
pkg:rpm/almalinux/brotli
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-6176 | Hig | 7.5 | < 1.1.0-7.el10_1 | 1.1.0-7.el10_1 | Oct 31, 2025 | Scrapy versions up to 2.13.2 are vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less | |
| CVE-2020-8927 | — | < 1.0.6-3.el8 | 1.0.6-3.el8 | Sep 15, 2020 | A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to upda |
- affected < 1.1.0-7.el10_1fixed 1.1.0-7.el10_1
Scrapy versions up to 2.13.2 are vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less
- CVE-2020-8927Sep 15, 2020affected < 1.0.6-3.el8fixed 1.0.6-3.el8
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to upda