1138 matches found
Exploit for Argument Injection in Atlassian Bitbucket
CVE-2022-36804-PoC Multithreaded exploit script for CVE-2022-3...
MAL-2022-3698 Malicious code in http-proxy-iddlemare (npm)
Source: ghsa-malware (c2f358bcd3dc9d017b753a0661664f92444c3b40db7af4e0a10fe7e9b0cb12d4). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Apache Traffic Server Input Validation Error Vulnerability (CNVD-2023-03924)
Apache Traffic Server (ATS) is a set of scalable HTTP proxy and caching servers from the Apache Foundation. Apache Traffic Server is vulnerable to an input validation error, which could be exploited by attackers to request secure resources...
Apache Traffic Server Input Validation Error Vulnerability (CNVD-2023-03923)
Apache Traffic Server (ATS) is a set of scalable HTTP proxy and caching servers from the Apache Foundation. Apache Traffic Server is vulnerable to an input validation error, which could be exploited by attackers to smuggle requests...
Apache Traffic Server Input Validation Error Vulnerability (CNVD-2023-03926)
Apache Traffic Server (ATS) is a set of scalable HTTP proxy and caching servers from the Apache Foundation. Apache Traffic Server versions 8.0.0 through 9.1.2 are vulnerable to an input validation error, which could be exploited by an attacker to send invalid headers...
Unintended Proxy or Intermediary
Overview: std/net/http is a Go standard library package. Affected versions of this package are vulnerable to Unintended Proxy or Intermediary. Go Vulnerability Report: An input validation flaw in the CGI components allows the HTTP_PROXY environment variable to be set by the incoming Pro...
GO-2022-0761 Improper input validation in net/http and net/http/cgi
An input validation flaw in the CGI components allows the HTTP_PROXY environment variable to be set by the incoming Proxy header, which changes where Go by default proxies all outbound HTTP requests. This environment variable is also used to set the outgoing proxy, enabling an attacker to insert a...
[SECURITY] Fedora 36 Update: golang-github-google-martian-3.1.0-10.fc36
Martian Proxy is a programmable HTTP proxy designed to be used for testing. Martian is a great tool to use if you want to: - Verify that all or some subset of requests are secure - Mock external services at the network layer - Inject headers, modify cookies or perform other mutations of HTTP...
Scrapy before 2.6.2 and 1.8.3 vulnerable to one proxy sending credentials to another
Impact: When the built-in HTTP proxy downloader middleware processes a request with proxy metadata, and that proxy metadata includes proxy credentials, the built-in HTTP proxy downloader middleware sets the Proxy-Authentication header, but only if that header is not already set. There are...
[SECURITY] Fedora 35 Update: golang-github-google-martian-3.1.0-9.fc35
Martian Proxy is a programmable HTTP proxy designed to be used for testing. Martian is a great tool to use if you want to: - Verify that all or some subset of requests are secure - Mock external services at the network layer - Inject headers, modify cookies or perform other mutations of HTTP...
CVE-2022-32210
Undici.ProxyAgent never verifies the remote server's certificate, and always exposes all request & response data to the proxy. This unexpectedly means that proxies can MitM all HTTPS traffic, and if the proxy's URL is HTTP then it also means that nominally HTTPS requests are actually sent via...
CVE-2022-32290
The client in Northern.tech Mender 3.2.0, 3.2.1, and 3.2.2 has Incorrect Access Control. It listens on a random, unprivileged TCP port and exposes an HTTP proxy to facilitate API calls from additional client components running on the device. However, it listens on all network interfaces instead o...
Design/Logic Flaw
The client in Northern.tech Mender 3.2.0, 3.2.1, and 3.2.2 has Incorrect Access Control. It listens on a random, unprivileged TCP port and exposes an HTTP proxy to facilitate API calls from additional client components running on the device. However, it listens on all network interfaces instead o...
CVE-2022-32290
CVE-2022-32290 affects Northern.tech Mender client versions 3.2.0–3.2.2. The issue is incorrect access control where the Mender Client exposes an HTTP proxy on a non-localhost TCP port across all network interfaces. This allows any device on the same network to connect to the proxy and forward AP...
Fedora: Security Advisory for golang-github-google-martian (FEDORA-2022-fae3ecee19)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
[SECURITY] Fedora 36 Update: golang-github-google-martian-3.1.0-9.fc36
Martian Proxy is a programmable HTTP proxy designed to be used for testing. Martian is a great tool to use if you want to: - Verify that all or some subset of requests are secure - Mock external services at the network layer - Inject headers, modify cookies or perform other mutations of HTTP...
MAL-2022-3699 Malicious code in http-proxy-middelware (npm)
Source: ghsa-malware (65e99094fb073abe6ba8b6c790b2c93d2ac8cb7154d1d0f104fcc995e14bfabd). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Play Framework Inadequate Encryption Strength vulnerability
An issue was discovered in Lightbend Play Framework 2.5.x through 2.6.23. When configured to make requests using an authenticated HTTP proxy, play-ws may sometimes, typically under high load, when connecting to a target host using https, expose the proxy credentials to the target host...