Cisa: >> Thorium >> 1.1.2 Security Vulnerabilities
CISA Thorium uses '.unwrap()' to handle errors related to account verification email messages. An unauthenticated remote attacker could cause a crash by providing a specially crafted email address or response. Fixed in commit 6a65a27.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-09-17
CISA Thorium accepts a stream split size of zero then divides by this value. A remote, authenticated attacker could cause the service to crash. Fixed in commit 89101a6.
CVSS Score
4.3
EPSS Score
0.001
Published
2025-09-17