CLEANSTART-2026-BM78291

See a problem?
Import Source
https://github.com/cleanstart-dev/cleanstart-security-advisories/blob/main/advisories/2026/CLEANSTART-2026-BM78291.json
JSON Data
https://api.osv.dev/v1/vulns/CLEANSTART-2026-BM78291
Upstream
  • CVE-2026-25680
  • CVE-2026-25681
  • CVE-2026-27140
  • CVE-2026-27143
  • CVE-2026-27144
  • CVE-2026-27145
  • CVE-2026-29181
  • CVE-2026-32280
  • CVE-2026-32281
  • CVE-2026-32282
  • CVE-2026-32283
  • CVE-2026-32288
  • CVE-2026-32289
  • CVE-2026-32952
  • CVE-2026-33810
  • CVE-2026-33811
  • CVE-2026-33814
  • CVE-2026-34986
  • CVE-2026-39817
  • CVE-2026-39819
  • CVE-2026-39820
  • CVE-2026-39821
  • CVE-2026-39823
  • CVE-2026-39825
  • CVE-2026-39826
  • CVE-2026-39834
  • CVE-2026-39836
  • CVE-2026-42499
  • CVE-2026-42501
  • CVE-2026-42504
  • CVE-2026-42507
  • CVE-2026-42508
  • CVE-2026-46595
  • ghsa-78h2-9frx-2jm8
  • ghsa-mh2q-q3fh-2475
  • ghsa-pjcq-xvwq-hhpj
Published
2026-06-11T00:59:17.738426Z
Modified
2026-06-11T06:15:04.418056157Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU
Details

Multiple security vulnerabilities affect the dex package. Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU. See references for individual vulnerability details.

References

Affected packages

CleanStart / dex

Package

Name
dex

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.45.1-r4

Database specific

source 
"https://github.com/cleanstart-dev/cleanstart-security-advisories/blob/main/advisories/2026/CLEANSTART-2026-BM78291.json"