resolved
Application Level DoS - Large Markdown Payload in Reply Section Leading to Resource Exhaustion
Bug reported by Anindya Roy was disclosed on October 18, 2025, at 4:47 pm | Uncontrolled Resource Consumption
A Denial of Service (DoS) vulnerability was identified in the reply section of the web application. Submitting an excessively large markup payload (approximately 800,000 characters) resulted in the server taking 30 seconds to respond before returning an HTTP/2 502 Bad Gateway error, indicating potential resource exhaustion or backend service failure.
resolved
Blu-ray Disc Java Sandbox Escape via two vulnerabilities
Bug reported by Andy Nguyen was disclosed on October 18, 2025, at 12:35 am | Execution with Unnecessary Privileges
Two vulnerabilities were discovered in the Inter-Xlet Communication (Ixc) implementation of Blu-ray Disc Java (BD-J). The first vulnerability allowed invoking methods in privileged context by registering a remote object that implements an interface extending java.rmi.Remote. The second vulnerability enabled privileged method invocation by setting a custom method in the stub class generated for remote object registration. Together, these vulnerabilities could be exploited to disable the Java sandbox.

