openSUSE Security Advisory (SUSE-SU-2025:02592-1)
The remote host is missing an update for the...
OPA server Data API HTTP path injection of Rego
GO-2025-3660 OPA server Data API HTTP path injection of Rego in github.com/open-policy-agent/opa
OPA server Data API HTTP path injection of Rego in github.com/open-policy-agent/opa...
CVE-2025-46569 OPA server Data API HTTP path injection of Rego
Open Policy Agent OPA is an open source, general-purpose policy engine. Prior to version 1.4.0, when run as a server, OPA exposes an HTTP Data API for reading and writing documents. Requesting a virtual document through the Data API entails policy evaluation, where a Rego query containing a singl...
GHSA-6M8W-JC87-6CR7 OPA server Data API HTTP path injection of Rego
Impact When run as a server, OPA exposes an HTTP Data API for reading and writing documents. Requesting a virtual document through the Data API entails policy evaluation, where a Rego query containing a single data document reference is constructed from the requested path. This query is then used...
DEBIAN-CVE-2024-10005
A vulnerability was identified in Consul and Consul Enterprise “Consul” such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules...
UBUNTU-CVE-2024-10005
A vulnerability was identified in Consul and Consul Enterprise “Consul” such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules...
PT-2024-8623 · Hashicorp · Hashicorp Consul
Name of the Vulnerable Software and Affected Versions: Consul versions 1.9.0 through 1.20.1 Description: A vulnerability was identified in Consul such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules. This issue allows a remote attacker to bypass...
Fortinet FortiPresence Security Vulnerability
Fortinet FortiPresence is a comprehensive data analytics solution from Fortinet, Inc. A security vulnerability exists in Fortinet FortiPresence that stems from the lack of a custom error page, which could allow an attacker to obtain sensitive information by navigating to a specific HTTP path...
CVE-2023-37895 Apache Jackrabbit RMI access can lead to RCE
Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows an attacker to remotely execute code via RMI. Versions up to and including 2.20.10 (stable branch) and 2.21.17 (unstable branch) use the component "commons-beanutils", which contains a class that can be used for remote...
CVE-2023-0100
A flaw was found in Eclipse BIRT, where the default configuration allowed retrieval of a report from the same host using an absolute HTTP path for the report parameter, for example report=http://xyz.com/report.rptdesign. The report would be retrieved if the host indicated in the report parameter...
Improper Input Validation in Eclipse BIRT
In Eclipse BIRT, starting from version 2.6.2, the default configuration allowed retrieval of a report from the same host using an absolute HTTP path for the report parameter, e.g. report=http://xyz.com/report.rptdesign. If the host indicated in the report parameter matched the HTTP Host header valu...
GHSA-4GRC-Q4FJ-45P8 Improper Input Validation in Eclipse BIRT
In Eclipse BIRT, starting from version 2.6.2, the default configuration allowed retrieval of a report from the same host using an absolute HTTP path for the report parameter, e.g. report=http://xyz.com/report.rptdesign. If the host indicated in the report parameter matched the HTTP Host header valu...
CVE-2023-0100
In Eclipse BIRT, starting from version 2.6.2, the default configuration allowed retrieval of a report from the same host using an absolute HTTP path for the report parameter, e.g. report=http://xyz.com/report.rptdesign. If the host indicated in the report parameter matched the HTTP Host header valu...
CVE-2023-0100
CVE-2023-0100 (Eclipse BIRT) affects BIRT versions starting from 2.6.2 where the default configuration allowed retrieval of a report from the same host using an absolute HTTP path in the __report parameter. If the HTTP Host header could be tampered with (e.g., configurations with no virtual hosts...
CVE-2021-44138
There is a directory traversal vulnerability in Caucho Resin, as distributed in Resin 4.0.52 - 4.0.56, which allows remote attackers to read files in arbitrary directories via a semicolon (;) in a pathname within an HTTP request...
Caucho Resin Path Traversal Vulnerability
Caucho Resin is a web server and Java application server from Caucho Corporation. A security vulnerability exists in Caucho Resin versions 4.0.52 through 4.0.56, which stems from a directory traversal vulnerability due to a lack of restrictions on directory special separators in the application...
CVE-2021-43795
Armeria (an open source microservice framework) is affected by a path traversal issue where an HTTP request containing %2F (encoded slash) in the path can bypass path validation and access the server’s local filesystem beyond its restricted directory (e.g., /files/..%2Fsecrets.txt). The vulnerabi...