[GHSA-wgc6-9f6w-h8hx] microlight allows a denial of service#5730
Merged
advisory-database[bot] merged 1 commit intoQix-/advisory-improvement-5730from Jun 18, 2025
Merged
Conversation
Loading
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This "high severity" advisory shouldn't exist. See #5730 (comment).
Updates
Comments
From the advisory:
Tricking anyone into downloading 100MiB of code that is to be processed is of course going to cause DoS. This is a nonsense CVE. Please stop abusing the CVE system for beg bounty / clout-chasing security reports. This has to end.
Screenshots at time of report, just in case context is lost: