14 matches found
CVE-2026-50134
Hugo is a static site generator. From 0.91.0 until 0.162.0, resources.GetRemote enforces security.http.urls on the URL it is called with, but it did not re-validate intermediate URLs on HTTP 3xx redirects. An allowed server or an attacker controlling its DNS or response could therefore redirect t...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the resources.GetRemote process while the host platform uses the cgo system resolver. When alternate IPv4 encodings are used in URLs, such as integer, hexadecimal, or octal representations, which bypa...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the resources.GetRemote process when HTTP redirects are not properly validated against the configured allow-list. An attacker can access restricted internal or otherwise forbidden hosts by leveraging...
GHSA-VXGM-5RMG-5W8G Hugo: security.http.urls allow-list bypass via HTTP redirects
Commit: 86fbb0f7a8 — security: Validate redirects against security.http.urls Affected versions: v0.91.0 when security.http.urls was introduced through v0.161.1. Fixed in: v0.162.0. Severity: Only relevant for sites that rely on security.http.urls as a trust boundary — e.g. CI builds that fetch...
The vulnerability of Eclipse Jetty servlet containers, related to uncontrolled resource consumption, allows attackers to cause service failures.
The vulnerability of Eclipse Jetty servlet containers is related to uncontrolled resource consumption in the ThreadLimitHandler.getRemote function. Exploiting this vulnerability can allow a remote attacker to cause a service failure...
org.eclipse.jetty:jetty-server: jetty: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks
A flaw was found in Jetty's ThreadLimitHandler.getRemote. This flaw allows unauthorized users to cause remote denial of service DoS attacks. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory...
org.eclipse.jetty:jetty-server: jetty: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks
A flaw was found in Jetty's ThreadLimitHandler.getRemote. This flaw allows unauthorized users to cause remote denial of service DoS attacks. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory...
Eclipse Jetty DoS Vulnerability (GHSA-g8m5-722r-8whq) - Linux
Eclipse Jetty is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty";...
Security update for jetty-minimal
This update for jetty-minimal fixes the following issues: CVE-2024-8184: Fixed remote denial-of-service in ThreadLimitHandler.getRemote bsc1231651. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively...
SUSE CVE-2015-8439
The SharedObject object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to...
CVE-2015-8439
The SharedObject object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to...
UBUNTU-CVE-2015-8439
The SharedObject object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to...
CVE-2015-8439
The SharedObject object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to...
Adobe Flash AS2 SharedObject getRemote Type Confusion Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the SharedObject...