1135 matches found
HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...
GHSA-QXP5-GWG8-XV66 HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...
CVE-2025-22870 HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...
CVE-2025-22870 HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...
Linux Distros Unpatched Vulnerability : CVE-2024-21536
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service DoS due to an...
Linux Distros Unpatched Vulnerability : CVE-2016-10003
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly...
Linux Distros Unpatched Vulnerability : CVE-2014-8150
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and...
Linux Distros Unpatched Vulnerability : CVE-2016-10002
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in http-proxy-middleware
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of http-proxy-middleware. Vulnerability Details CVEID:CVE-2024-21536 DESCRIPTION: http-proxy-middleware is vulnerable to a denial of service, caused by an UnhandledPromiseRejection error thrown by micromatch. By sending...
Security Bulletin: Vulnerability in http-proxy-middleware affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary A potential vulnerability in http-proxy-middleware has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-21536 DESCRIPTION:...
Security Bulletin: IBM App Connect Enterprise Certified Container Dashboard and DesignerAuthoring operands are vulnerable to denial of service [CVE-2024-21536]
Summary Node.js module http-proxy-middleware is used by IBM App Connect Enterprise Certified Container Dashboard and DesignerAuthoring components, which are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in Node.js module...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in http-proxy-middleware
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of http-proxy-middleware Vulnerability Details CVEID:CVE-2024-21536 DESCRIPTION: http-proxy-middleware is vulnerable to a denial of service, caused by an UnhandledPromiseRejection error thrown by micromatch. By...
Security update for grpc
This update for grpc fixes the following issues: CVE-2024-7246: HPACK table poisoning by gRPC clients communicating with a HTTP/2 proxy. bsc1228919 CVE-2024-11407: data corruption on servers with transmit zero copy enabled. bsc1233821 Patch Instructions: To install this SUSE update use the SUSE...
CVE-2024-49502
A Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in the Setup Wizard, HTTP Proxy credentials pane in spacewalk-web allows attackers to attack users by providing specially crafted URLs to click. This issue affects Container...
CVE-2024-49502
CVE-2024-49502 is a cross-site scripting vulnerability in the Setup Wizard, HTTP Proxy credentials pane of spacewalk-web. It affects SUSE Manager Server 4.3 (and related Spacewalk components) prior to versions updated by SUSE-SU-2024:4007-1, specifically before 4.3.42-150400.3.52.1 for the 4.3 li...
CVE-2024-49502 Reflected XSS in Setup Wizard, HTTP Proxy credentials pane in spacewalk-web
A Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in the Setup Wizard, HTTP Proxy credentials pane in spacewalk-web allows attackers to attack users by providing specially crafted URLs to click. This issue affects Container...
CVE-2024-49502 Reflected XSS in Setup Wizard, HTTP Proxy credentials pane in spacewalk-web
A Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in the Setup Wizard, HTTP Proxy credentials pane in spacewalk-web allows attackers to attack users by providing specially crafted URLs to click. This issue affects Container...
Malicious code in n-http-proxy (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c13801d43d60af89b56b44fb645f8cd6e571abf340332c2d4031b29aab946043 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-10989 Malicious code in n-http-proxy (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c13801d43d60af89b56b44fb645f8cd6e571abf340332c2d4031b29aab946043 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
SUSE CVE-2024-49502
A Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in the Setup Wizard, HTTP Proxy credentials pane in spacewalk-web allows attackers to attack users by providing specially crafted URLs to click. This issue affects Container...