35 matches found
AlmaLinux 8 : nodejs:18 (ALSA-2023:4536)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:4536 advisory. nodejs: mainModule.proto bypass experimental policy mechanism CVE-2023-30581 nodejs: process interuption due to invalid Public Key information in x509...
AlmaLinux 9 : nodejs:18 (ALSA-2023:4330)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:4330 advisory. nodejs: mainModule.proto bypass experimental policy mechanism CVE-2023-30581 nodejs: process interuption due to invalid Public Key information in x509...
HTTP Request Smuggling (HRS)
llhttp is vulnerable to HTTP Request Smuggling HRS. The vulnerability exists because the http.js does not properly handle the CRLF sequence, allowing an attacker to smuggle HTTP requests by submitting Line feed LF characters without a Carriage Return CR...
GHSA-CGGH-PQ45-6H9X llhttp vulnerable to HTTP request smuggling
The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling HRS. The CR character without LF is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only th...
CVE-2023-30589
The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling HRS. The CR character without LF is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only th...
CVE-2023-30589
The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling HRS. The CR character without LF is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only th...
SUSE CVE-2015-9096
Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring...
CVE-2023-23950
User’s supplied input usually a CRLF sequence can be used to split a returning response into two responses...
CVE-2023-23950
User’s supplied input usually a CRLF sequence can be used to split a returning response into two responses...
CVE-2022-32214
The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling HRS...
The vulnerability of the urllib2 module in the Python programming language, related to the failure to eliminate the crlf sequence, allows attackers to compromise data integrity.
The vulnerability of the urllib2 module in the Python programming language is related to the lack of measures taken to neutralize the crlf sequence. Exploiting this vulnerability can allow an attacker to compromise data integrity remotely...
Ruby mail gem command injection vulnerability
Ruby is a cross-platform, object-oriented, dynamically typed programming language developed by Japanese software developer Yukihiro Matsumoto. mail gem is one of the e-mail processing libraries. A command injection vulnerability exists in Ruby mail gem versions prior to 2.5.5. The vulnerability c...
Cross site scripting
The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks via a CRLF sequence in conjunction with a crafted Content-Type header, as demonstrated by a header with a utf-7 charset value. NOTE: the vendor has...
Cross site scripting
The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 disables itself upon encountering a certain X-XSS-Protection HTTP header, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting this header after a CRLF sequence. NOTE: the vendor has...
AdvServer DoS
Title: AdvServer DoS Date: 21.06.02 Author: elab http://elaboration.8bit.co.uk Software: AdvServer Platform: Win32 Tested: Version 1.030000 Vendor: WWW: http://gamecheats.ws Contacted on: 30 May 02 Via: [email protected] && website Response: Within 2 days WARNING: This advisory has NOTHING to do...