Code injection

The HTTP client in MashZone NextGen through 10.7 GA deserializes untrusted data when it gets an HTTP response with a 570 status code...

CVE-2021-33207

CVE-2021-33207 affects Software AG MashZone NextGen up to version 10.7 GA. The vulnerability arises in the HTTP client, which deserializes untrusted data when processing an HTTP response with status code 570. Connected sources confirm the affected product and the root cause (deserialization of un...

CVE-2021-33207

The HTTP client in MashZone NextGen through 10.7 GA deserializes untrusted data when it gets an HTTP response with a 570 status code...

CLSA-2022-1648048535 Fix CVE(s): CVE-2021-3737

SECURITY UPDATE: Denial of service - debian/patches/CVE-2021-3737.patch: Fix http client infinite line reading DoS after a HTTP 100 continue in Lib/httplib.py, Lib/test/testhttplib.py. - CVE-2021-3737...

CLSA-2022-1647958678 Fixed CVE-2021-3737 in python

CVE-2021-3737: Fix HTTP client infinite line reading DoS after receiving a '100 Continue' HTTP response...

CLSA-2022-1647958513 Fix of CVE: CVE-2021-3737

CVE-2021-3737: Fix HTTP client infinite line reading DoS after receiving a '100 Continue' HTTP response...

Fix of CVE: CVE-2021-3737

CVE-2021-3737: Fix HTTP client infinite line reading DoS after receiving a '100 Continue' HTTP response...

Exposure of Sensitive information in httpie

httpie is a modern, user-friendly command-line HTTP client for the API era. Prior to version 3.1.0, all cookies saved to session storage are supercookies. At this time, there is no known workaround. Users are recommended to update to version 3.1.0...

java-11-openjdk bug fix and enhancement update

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Bug Fixes: The previous OpenJDK 11 release, 11.0.14, was found to contain a regression introduced by improvements to the HTTP client. It caused both the :authority' and...

ALBA-2022:0887 java-11-openjdk bug fix and enhancement update

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Bug Fixes: The previous OpenJDK 11 release, 11.0.14, was found to contain a regression introduced by improvements to the HTTP client. It caused both the :authority' and...

? before the @ sign allows one to bypass whitelists

Description ? before the @ sign in HTTP URLs allows one to bypass whitelists Proof of Concept Convince NodeJS HTTP client to make a request to 127.0.0.1 bypassing a google.com whitelist. const parse = require'parse-url' const http = require'http' const url = parse"http://[email protected]" if...

CVE-2021-3733

There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client such as web browser connects to, could trigger a Regular Expression Denial of Service ReDOS during an authentication request with a specially crafted payload that is sen...

Authentication flaw

There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client such as web browser connects to, could trigger a Regular Expression Denial of Service ReDOS during an authentication request with a specially crafted payload that is sen...

CVE-2022-24737

HTTPie is a command-line HTTP client. HTTPie has the practical concept of sessions, which help users to persistently store some of the state that belongs to the outgoing requests and incoming responses on the disk for further usage. Before 3.1.0, HTTPie didn‘t distinguish between cookies and host...

CVE-2022-24737

CVE-2022-24737 affects the HTTPie command-line HTTP client. Before 3.1.0, HTTPie did not distinguish between cookies and the hosts they belonged to, which could lead to exposure of some cookies when redirects occur from the actual host to a third-party site. Public advisories and vendor notes con...

CVE-2022-24737 Exposure of Sensitive Information to an Unauthorized Actor in httpie

HTTPie is a command-line HTTP client. HTTPie has the practical concept of sessions, which help users to persistently store some of the state that belongs to the outgoing requests and incoming responses on the disk for further usage. Before 3.1.0, HTTPie didn‘t distinguish between cookies and host...

Apache APISIX Remote Code Execution Exploit

Apache APISIX has a default, built-in API token that can be used to obtain full access of the admin API. Access to this API allows for remote LUA code execution through the script parameter added in the 2.x version. This module also leverages another vulnerability to bypass th e IP restriction...

PSF-2022-6 CVE-2021-3733: ReDoS in urllib.request

There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client such as web browser connects to, could trigger a Regular Expression Denial of Service ReDOS during an authentication request with a specially crafted payload that is sen...

CVE-2021-3737

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability...

CVE-2021-3737

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability...