Skip to content
View 0xcyborg's full-sized avatar
12 followers · 6 following

Achievements

Achievement: Pull Sharkx2Achievement: YOLO

Achievements

Achievement: Pull Sharkx2Achievement: YOLO

Block or report 0xcyborg

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse

Pinned Loading

  1. [Jellyfin] Missing Input Validation ... [Jellyfin] Missing Input Validation on SyncPlay Group Name Leading to DoS
    1 
    ## Summary:
    2 
    The `/SyncPlay/New` endpoint accepted the `GroupName` parameter without any length or content validation. This allowed an authenticated user to create **SyncPlay** groups with arbitrarily large names. Since group creation is tied to sessions rather than accounts, and **Jellyfin** instances allow unlimited concurrent sessions per account by default, an attacker can create as many groups as needed from a single account. This could be used to exhaust server **RAM** and make the **SyncPlay** groups panel unusable for all users.
    3 
    
              
    
              
    
                4
                
    ## The Cause:
    
              
    
              
    
                5
                
    - **No length validation on GroupName:**
    
              
    
          
    
    
    
  
    

    2. 

      
  2. 
  
    
    
    
      
    
        
    
            
          minecraft-protocol-load-tester  minecraft-protocol-load-tester          Public
        
    
      
    


      
    
        A Minecraft tool built using the minecraft-protocol package that connects multiple clients and rapidly sends messages after registering them on a server
      
    

      
    
          
  
  JavaScript


          
            
    

            1
          
      
    
    
    
  
    

    3. 

      
  3. 
  
    
    
    
      
    
        
    
            
          the-library-of-all-images  the-library-of-all-images          Public
        
    
      
    


      
    
        An infinite visual archive
      
    

      
    
          
  
  JavaScript


          
            
    

            3
          
      
    
    
    
  
    

    4.