
11 matches found

CVE
added 2026/03/26 5:26 p.m.

CVE-2026-33495

CVE-2026-33495 affects ORY Oathkeeper. Prior to version 26.2.0, Oathkeeper could incorrectly trust the X-Forwarded-* headers when evaluating access rules, due to the serve.proxy.trust_forwarded_headers setting being ignored. This could allow an attacker with distinct HTTP/HTTPS rules to trigger t...

CVSS 6.5 | AI score 5.8 | EPSS 0.00233
Exploits 0 | References 2 | Affected software 1
CNNVD
added 2026/03/23 12:00 a.m.

Fastify security vulnerability

Fastify is an open-source web framework developed by Fastify. Fastify versions 5.8.2 and earlier contain security vulnerabilities. They arise when trustProxy is configured as a restrictive trust function, allowing request.protocol and request.host to read the...

CVSS 6.1 | AI score 5.8 | EPSS 0.0012
Exploits 0 | References 4
Snyk
added 2026/03/20 8:50 p.m.

Missing Authorization

Overview: github.com/ory/oathkeeper/proxy is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Affected versions of this package are vulnerable to Missing Authorization in the evaluation of the X-Forwarded-Proto header due to...

CVSS 6.9 | AI score 5.8 | EPSS 0.00233
Exploits 0 | References 2
Github Security Blog
added 2026/03/20 8:50 p.m.

Ory Oathkeeper has an authentication bypass by usage of untrusted header

Description: Ory Oathkeeper is often deployed behind other components like CDNs, WAFs, or reverse proxies. Depending on the setup, another component might forward the request to the Oathkeeper proxy with a different protocol (http vs. https) than the original request. In order to properly match the...

CVSS 6.5 | AI score 5.8 | EPSS 0.00233
Exploits 0 | References 4 | Affected software 1
OSV
added 2026/01/30 4:18 p.m.

CLEANSTART-2026-XP58111 When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11

Multiple security vulnerabilities affect the tomcat9 package. When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11. See references for individual vulnerability details...

CVSS 9.8 | AI score 5.8 | EPSS 0.71653
Exploits 6 | References 15
Veracode
added 2025/11/28 5:57 a.m.

Server-Side Request Forgery (SSRF)

Astro is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to insecure and unsanitized use of the x-forwarded-proto and x-forwarded-port headers when constructing URLs, which allows an attacker to manipulate these headers to bypass protected routes, poison caches, trigger...

CVSS 6.5 | AI score 7.1 | EPSS 0.01088
Exploits 1 | References 5 | Affected software 1
Vulnrichment
added 2025/11/13 3:58 p.m.

CVE-2025-64525 Astro: URL manipulation via unsanitized headers leads to path-based middleware protections bypass, potential SSRF/cache-poisoning, CVE-2025-61925 bypass

Astro is a web framework. In Astro versions 2.16.0 up to but excluding 5.15.5 which use on-demand rendering, the request headers x-forwarded-proto and x-forwarded-port are used insecurely, without sanitization, to build the URL. This has several consequences, the most important of which are:...

CVSS 6.5 | AI score 6.1 | EPSS 0.01088
Exploits 1 | References 4
OSV
added 2025/09/24 9:34 p.m.

GHSA-XPH5-278P-26QX lobe-chat has an Open Redirect

Description: Vulnerability overview. The project's OIDC redirect handling logic constructs the host and protocol of the final redirect URL based on the X-Forwarded-Host or Host headers and the X-Forwarded-Proto value. In deployments where a reverse proxy forwards client-supplied X-Forwarded-...

CVSS 4.3 | AI score 7 | EPSS 0.00301
Exploits 1 | References 5
Snyk
added 2025/08/09 1:46 a.m.

Regular Expression Denial of Service (ReDoS)

Overview: @oakserver/oak is a middleware framework for handling HTTP requests. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the x-forwarded-proto or x-forwarded-for headers. An attacker can cause significant performance degradation by sending...

CVSS 6.9 | AI score 6.7 | EPSS 0.00362
Exploits 0 | References 2
OSV
added 2024/12/24 6:41 p.m.

CLSA-2024-1735065713 Fix CVE(s): CVE-2023-28708

SECURITY UPDATE: Missing secure attribute in session cookies when using RemoteIpFilter with X-Forwarded-Proto header set to https - debian/patches/CVE-2023-28708.patch: Fix JSessionId secure attribute missing when RemoteIpFilter determines request submitted via secure channel - CVE-2023-28708...

CVSS 4.3 | AI score 6.8 | EPSS 0.01831
Exploits 0 | References 1
Snyk
added 2023/09/18 1:49 p.m.

HTTP Header Injection

Overview: github.com/greenpau/caddy-security is a Security App and Plugin for Caddy v2. Affected versions of this package are vulnerable to HTTP Header Injection via the X-Forwarded-Proto header due to redirecting to the injected protocol. Exploiting this vulnerability could lead to bypass of...

CVSS 4.3 | AI score 7.1 | EPSS 0.00499
Exploits 0 | References 2
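Every entry in this listing is a variant of one mistake: X-Forwarded-Proto, X-Forwarded-Host or X-Forwarded-Port is read from whoever sent the request instead of only from a known proxy, and the value is then used to pick a protocol for access rules (Oathkeeper), to set the Secure flag on a session cookie (Tomcat's RemoteIpFilter), to build a URL (Astro), or to build a redirect target (lobe-chat, caddy-security). The Go program below is an added example written for this page, not code from any of the listed projects. It puts the naive header handling next to a hardened version that honours the headers only when the TCP peer is in a trusted-proxy CIDR and then still constrains scheme, port and host. ForwardPolicy, NaiveOrigin, SafeOrigin, the 10.0.0.0/8 proxy range, the app.example hostname and the request values are all assumptions made for the demonstration.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/netip"
	"net/url"
	"strconv"
	"strings"
)

// Origin is the client-facing scheme and host the application should use for
// absolute URLs, redirects and the Secure flag on cookies.
type Origin struct {
	Scheme string
	Host   string
}

// ForwardPolicy is an assumed, illustrative configuration: which TCP peers may
// set X-Forwarded-* and which hostnames this deployment answers for.
type ForwardPolicy struct {
	TrustedProxies []netip.Prefix
	AllowedHosts   map[string]bool
}

// NaiveOrigin reproduces the bug class in the advisories above: it honours
// X-Forwarded-Proto/Host from any peer, so a client that reaches the service
// directly can claim https, a foreign host, or an arbitrary "scheme".
func NaiveOrigin(r *http.Request) Origin {
	scheme := "http"
	if r.TLS != nil {
		scheme = "https"
	}
	if v := r.Header.Get("X-Forwarded-Proto"); v != "" {
		scheme = v
	}
	host := r.Host
	if v := r.Header.Get("X-Forwarded-Host"); v != "" {
		host = v
	}
	return Origin{Scheme: scheme, Host: host}
}

// SafeOrigin consults X-Forwarded-* only when the immediate peer is a trusted
// proxy, and even then constrains the values: scheme must be http or https,
// port must be numeric and in range, host must be one we serve. Anything else
// is rejected rather than echoed into a URL or a cookie attribute.
func SafeOrigin(r *http.Request, p ForwardPolicy) (Origin, error) {
	scheme := "http"
	if r.TLS != nil {
		scheme = "https"
	}
	host := r.Host
	if !p.peerTrusted(r.RemoteAddr) {
		return Origin{Scheme: scheme, Host: host}, nil // headers ignored
	}
	if v := strings.ToLower(strings.TrimSpace(r.Header.Get("X-Forwarded-Proto"))); v != "" {
		if v != "http" && v != "https" {
			return Origin{}, fmt.Errorf("rejecting X-Forwarded-Proto %q", v)
		}
		scheme = v
	}
	if v := strings.TrimSpace(r.Header.Get("X-Forwarded-Host")); v != "" {
		host = v
	}
	if v := strings.TrimSpace(r.Header.Get("X-Forwarded-Port")); v != "" {
		if n, err := strconv.Atoi(v); err != nil || n < 1 || n > 65535 {
			return Origin{}, fmt.Errorf("rejecting X-Forwarded-Port %q", v)
		}
		host = net.JoinHostPort(hostOnly(host), v)
	}
	if !p.AllowedHosts[strings.ToLower(hostOnly(host))] {
		return Origin{}, fmt.Errorf("rejecting host %q", host)
	}
	return Origin{Scheme: scheme, Host: host}, nil
}

// peerTrusted checks the TCP peer address, never a header, against the proxy CIDRs.
func (p ForwardPolicy) peerTrusted(remoteAddr string) bool {
	ap, err := netip.ParseAddrPort(remoteAddr)
	if err != nil {
		return false
	}
	for _, pfx := range p.TrustedProxies {
		if pfx.Contains(ap.Addr()) {
			return true
		}
	}
	return false
}

// hostOnly strips a :port suffix when one is present.
func hostOnly(host string) string {
	if h, _, err := net.SplitHostPort(host); err == nil {
		return h
	}
	return host
}

// URL builds an absolute same-site URL, e.g. for a post-login redirect.
func (o Origin) URL(path string) string {
	return (&url.URL{Scheme: o.Scheme, Host: o.Host, Path: path}).String()
}

// SessionCookie derives Secure from the resolved scheme; sound only with SafeOrigin.
func SessionCookie(o Origin, id string) *http.Cookie {
	return &http.Cookie{Name: "SESSIONID", Value: id, Path: "/", HttpOnly: true, Secure: o.Scheme == "https"}
}

func main() {
	policy := ForwardPolicy{
		TrustedProxies: []netip.Prefix{netip.MustParsePrefix("10.0.0.0/8")},
		AllowedHosts:   map[string]bool{"app.example": true},
	}
	// Constructed request: a direct client, not a proxy, claiming https.
	r, _ := http.NewRequest("GET", "http://app.example/login", nil)
	r.RemoteAddr = "203.0.113.7:51000"
	r.Header.Set("X-Forwarded-Proto", "https")
	fmt.Println("naive:", NaiveOrigin(r).URL("/cb")) // https://app.example/cb
	o, err := SafeOrigin(r, policy)
	fmt.Println("safe:", o.URL("/cb"), err) // http://app.example/cb <nil>
}
```

The trust decision is keyed on r.RemoteAddr, which is the socket peer and cannot be spoofed by a header; with a single proxy hop that is the right signal, and a multi-hop CDN chain would instead need the proxy to overwrite, not append, the forwarded headers. Rejecting unknown schemes closes the redirect-to-injected-protocol case, and the host allowlist closes the open-redirect case, while the untrusted-peer path simply ignores the headers so a restrictive trust function cannot be "partially" applied the way the Fastify entry describes.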