{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-15T16:56:06.595","vulnerabilities":[{"cve":{"id":"CVE-2026-27695","sourceIdentifier":"security-advisories@github.com","published":"2026-02-25T15:20:52.907","lastModified":"2026-02-26T15:38:45.277","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"zae-limiter is a rate limiting library using the token bucket algorithm. Prior to version 0.10.1, all rate limit buckets for a single entity share the same DynamoDB partition key (`namespace/ENTITY#{id}`). A high-traffic entity can exceed DynamoDB's per-partition throughput limits (~1,000 WCU/sec), causing throttling that degrades service for that entity — and potentially co-located entities in the same partition. Version 0.10.1 fixes the issue."},{"lang":"es","value":"zae-limiter es una librería de limitación de velocidad que utiliza el algoritmo de cubo de tokens. Antes de la versión 0.10.1, todos los cubos de límite de velocidad para una única entidad comparten la misma clave de partición de DynamoDB ('namespace/ENTITY#{id}'). Una entidad de alto tráfico puede exceder los límites de rendimiento por partición de DynamoDB (~1.000 WCU/seg), causando una limitación que degrada el servicio para esa entidad — y potencialmente para entidades coubicadas en la misma partición. La versión 0.10.1 corrige el problema."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:zeroae:zae-limiter:*:*:*:*:*:*:*:*","versionEndExcluding":"0.10.1","matchCriteriaId":"FF53AB9A-4E88-4C25-9752-3564CD7DDA1D"}]}]}],"references":[{"url":"https://github.com/zeroae/zae-limiter/releases/tag/v0.10.1","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/zeroae/zae-limiter/security/advisories/GHSA-76rv-2r9v-c5m6","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}