138 matches found
OESA-2026-2802 rubygem-faraday security update
HTTP/REST API client library Security Fixes: Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Prior to 2.14.1, Faraday's buildexclusiveurl method in lib/faraday/connection.rb uses Ruby's URImerge to combine the connection's base URL with a...
Important Photon OS Security Update - PHSA-2026-5.0-0911
Updates of 'rubygem-nokogiri', 'rubygem-faraday', 'python3-urllib3', 'python3-mistune' packages of Photon OS have been released...
Linux Distros Unpatched Vulnerability : CVE-2026-54297
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. From 1.0.0 until 1.10.6 and 2.14.3,...
CVE-2026-54297
A flaw was found in Faraday, an HTTP client library. The Faraday::NestedParamsEncoder, which handles nested query parameters, does not limit the depth of nested query strings during decoding. A remote attacker can exploit this by sending a specially crafted query string, causing the application t...
CVE-2026-54297
Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. From 1.0.0 until 1.10.6 and 2.14.3, Faraday::NestedParamsEncoder, the default nested query parameter encoder/decoder in Faraday, decodes nested query strings without enforcing a maximum nestin...
UBUNTU-CVE-2026-54297
Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. From 1.0.0 until 1.10.6 and 2.14.3, Faraday::NestedParamsEncoder, the default nested query parameter encoder/decoder in Faraday, decodes nested query strings without enforcing a maximum nestin...
CVE-2026-54297
CVE-2026-54297 (Faraday) : Uncontrolled recursion in Faraday::NestedParamsEncoder during decoding of nested query strings can create deeply nested Ruby Hashes, leading to a stack exhaustion DoS. Affected versions are Faraday 1.0.0 through 1.10.6 and 2.14.3. The vulnerability is fixed in 1.10.6 an...
CVE-2026-54297 Faraday: Uncontrolled recursion in NestedParamsEncoder allows stack exhaustion DoS via deeply nested query parameters
Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. From 1.0.0 until 1.10.6 and 2.14.3, Faraday::NestedParamsEncoder, the default nested query parameter encoder/decoder in Faraday, decodes nested query strings without enforcing a maximum nestin...
CVE-2026-54297 Faraday: Uncontrolled recursion in NestedParamsEncoder allows stack exhaustion DoS via deeply nested query parameters
Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. From 1.0.0 until 1.10.6 and 2.14.3, Faraday::NestedParamsEncoder, the default nested query parameter encoder/decoder in Faraday, decodes nested query strings without enforcing a maximum nestin...
CVE-2026-54297
Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. From 1.0.0 until 1.10.6 and 2.14.3, Faraday::NestedParamsEncoder, the default nested query parameter encoder/decoder in Faraday, decodes nested query strings without enforcing a maximum nestin...
GHSA-98M9-HRRM-R99R vulnerabilities
Vulnerabilities for packages: cinc-auditor, ruby3.3-faraday, kube-logging-operator, kube-fluentd-operator, gitlab-rails-ce-fips, gitlab-rails-ce, gitlab-cng, logstash-fips, logstash...
CVE-2026-54297 vulnerabilities
Vulnerabilities for packages: cinc-auditor, ruby3.3-faraday, kube-logging-operator, kube-fluentd-operator, gitlab-rails-ce-fips, gitlab-rails-ce, gitlab-cng, logstash-fips, logstash...
Uncontrolled Recursion
Overview Affected versions of this package are vulnerable to Uncontrolled Recursion in the NestedParamsEncoder module through the dehash routine. An attacker can cause the application to crash and exhaust system resources by submitting a deeply nested query string that triggers uncontrolled...
GHSA-98M9-HRRM-R99R vulnerabilities
Vulnerabilities for packages: cinc-auditor, kube-logging-operator, kube-fluentd-operator, logstash, ruby3.3-faraday...
CVE-2026-54297 vulnerabilities
Vulnerabilities for packages: cinc-auditor, kube-logging-operator, kube-fluentd-operator, logstash, ruby3.3-faraday...
GHSA-98M9-HRRM-R99R Faraday: Uncontrolled recursion in NestedParamsEncoder allows stack exhaustion DoS via deeply nested query parameters
Faraday::NestedParamsEncoder, the default nested query parameter encoder/decoder in Faraday, decodes nested query strings without enforcing a maximum nesting depth. A crafted query string such as: text axxxx...x=1 causes Faraday to build a deeply nested Ruby Hash structure. The internal dehash...
Faraday: Uncontrolled recursion in NestedParamsEncoder allows stack exhaustion DoS via deeply nested query parameters
Faraday::NestedParamsEncoder, the default nested query parameter encoder/decoder in Faraday, decodes nested query strings without enforcing a maximum nesting depth. A crafted query string such as: text axxxx...x=1 causes Faraday to build a deeply nested Ruby Hash structure. The internal dehash...
Faraday - Uncontrolled recursion in NestedParamsEncoder allows stack exhaustion DoS via deeply nested query parameters
Uncontrolled Recursion in NestedParamsEncoder Allows Stack Exhaustion DoS via Deeply Nested Query Parameters Summary Faraday::NestedParamsEncoder, the default nested query parameter encoder/decoder in Faraday, decodes nested query strings without enforcing a maximum nesting depth. A crafted query...
CVE-2026-54297
creationtimestamp| type| source ---|---|--- 2026-06-18 13:20:52+00:00| published-proof-of-concept| https://github.com/lostisland/faraday/security/advisories/GHSA-98m9-hrrm-r99r 2026-06-23 13:41:44+00:00| seen| https://gist.github.com/muhamedfazalps/a3449070789a6a2c13d4d4e844af803b...
PT-2026-51060
Name of the Vulnerable Software and Affected Versions Faraday versions prior to 2.14.2-2-g59334e0 Description Faraday::NestedParamsEncoder, the default nested query parameter encoder/decoder, decodes nested query strings without enforcing a maximum nesting depth. An attacker can provide a crafted...