1629 matches found

OpenVAS
added 2025/01/14 12:0 a.m. | 8 views

Huawei EulerOS: Security Advisory for python-urllib3 (EulerOS-SA-2025-1030)

The remote host is missing an update for the Huawei EulerOS...

CVSS 6.5 | AI score 7.7 | EPSS 0.00965
Exploits: 1 | References: 2
OpenVAS
added 2025/01/14 12:0 a.m. | 5 views

Huawei EulerOS: Security Advisory for python-urllib3 (EulerOS-SA-2025-1045)

The remote host is missing an update for the Huawei EulerOS...

CVSS 6.5 | AI score 7.7 | EPSS 0.00965
Exploits: 1 | References: 2
OSV
added 2025/01/09 7:41 p.m. | 15 views

GO-2025-3376 JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh in github.com/MicahParks/jwkset

JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh in github.com/MicahParks/jwkset...

CVSS 2.1 | AI score 8.4 | EPSS 0.00518
Exploits: 0 | References: 5
NVD
added 2025/01/09 6:15 p.m. | 13 views

CVE-2025-22149

JWK Set (JSON Web Key Set) is a JWK and JWK Set Go implementation. Prior to 0.6.0, the project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use...

CVSS 2.1 | EPSS 0.00518
Exploits: 0 | References: 5
Github Security Blog
added 2025/01/09 5:23 p.m. | 9 views

JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh

Impact: The project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use cases that utilize the provided auto-caching HTTP client and where key...

CVSS 2.1 | AI score 6.9 | EPSS 0.00518
Exploits: 0 | References: 6 | Affected Software: 1
OSV
added 2025/01/09 5:23 p.m. | 8 views

GHSA-675F-RQ2R-JW82 JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh

Impact: The project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use cases that utilize the provided auto-caching HTTP client and where key...

CVSS 2.1 | AI score 8.5 | EPSS 0.00518
Exploits: 0 | References: 6
Cvelist
added 2025/01/09 5:22 p.m. | 26 views

CVE-2025-22149 JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh

JWK Set (JSON Web Key Set) is a JWK and JWK Set Go implementation. Prior to 0.6.0, the project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use...

CVSS 2.1 | EPSS 0.00518
Exploits: 0 | References: 3
CVE
added 2025/01/09 5:22 p.m. | 68 views

CVE-2025-22149

The CVE-2025-22149 issue affects the JWK Set Go implementation’s auto-caching HTTP client (github.com/MicahParks/jwkset). Before v0.6.0, the local JWK Set cache could overwrite or append during remote refresh instead of performing a full replacement, potentially leaving revoked keys usable if rem...

CVSS 2.1 | AI score 6.5 | EPSS 0.00518
Exploits: 0 | References: 5
Vulnrichment
added 2025/01/09 5:22 p.m. | 7 views

CVE-2025-22149 JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh

JWK Set (JSON Web Key Set) is a JWK and JWK Set Go implementation. Prior to 0.6.0, the project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use...

CVSS 2.1 | AI score 7.1 | EPSS 0.00518
Exploits: 0 | References: 3
OSV
added 2025/01/09 5:22 p.m. | 6 views

CVE-2025-22149 JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh

JWK Set (JSON Web Key Set) is a JWK and JWK Set Go implementation. Prior to 0.6.0, the project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use...

CVSS 2.1 | AI score 6.6 | EPSS 0.00518
Exploits: 0 | References: 7
GitLab Advisory Database
added 2025/01/09 12:0 a.m. | 11 views

JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh

The project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use cases that utilize the provided auto-caching HTTP client and where key removal fr...

CVSS 2.1 | AI score 6.8 | EPSS 0.00518
Exploits: 0 | References: 6 | Affected Software: 1
OSV
added 2024/12/27 5:15 a.m. | 0 views

UBUNTU-CVE-2024-56521

An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely...

CVSS 9.8 | AI score 5.8 | EPSS 0.00735
Exploits: 0 | References: 5
BDU FSTEC
added 2024/12/24 12:0 a.m. | 3 views

The vulnerability of the RequestBuilder class in the CookieStore interface of the asynchronous HTTP request processing library Async Http Client allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the RequestBuilder class in the CookieStore interface of the asynchronous HTTP request processing library Async Http Client is related to the replacement of cookie files due to incorrect authentication procedures. Exploiting this vulnerability can allow an attacker operating...

CVSS 8.1 | AI score 7.4 | EPSS 0.00576
Exploits: 0 | References: 5 | Affected Software: 1
RedHat Linux
added 2024/12/17 7:1 p.m. | 1 views

urllib3: Request body not stripped after redirect from 303 status changes request method to GET

A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as POST to GET, as is required by HTTP...

CVSS 4.2 | AI score 7.2 | EPSS 0.00544
Exploits: 0 | References: 7
Metasploit
added 2024/12/04 6:58 p.m. | 336 views

Chamilo v1.11.24 Unrestricted File Upload PHP Webshell

Chamilo LMS is a free software e-learning and content management system. In versions prior to...

CVSS 8.1 | AI score 7.2 | EPSS 0.76084
Exploits: 27
vulnersOsv
added 2024/12/02 8:4 p.m. | 4 views

io.github.shoothzj:http-client-facade (=0.0.1), io.github.taikonaut3:virtue-demo (>=0.0.1-alpha <=1.0.0-alpha) +7 more potentially affected by CVE-2024-53990 via org.asynchttpclient:async-http-client (>=3.0.0.Beta1 <=3.0.0.Beta3)

org.asynchttpclient:async-http-client MAVEN version =3.0.0.Beta1, =0.0.1-alpha, =0.3.1, =0.0.1, =3.0.0-M2, =3.0.0-M1, =3.0.0-M1, =3.0.0-M1, =3.0.0-M1, =3.0.0-RC2 Source cves: CVE-2024-53990 Source advisory: OSV:GHSA-MFJ5-CF8G-G2FV...

CVSS 9.2 | AI score 7.2 | EPSS 0.00576
Exploits: 0
OSV
added 2024/12/02 6:15 p.m. | 2 views

UBUNTU-CVE-2024-53990

The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When making any HTTP request, the automatically enabled and self-managed CookieStore (aka cookie jar) will silently replace explicitly defined Cookies with any that ha...

CVSS 9.2 | AI score 5.9 | EPSS 0.00576
Exploits: 0 | References: 4
CNNVD
added 2024/12/02 12:0 a.m. | 17 views

Async Http Client Authorization Issue Vulnerability

Async Http Client is an open source asynchronous HTTP and WebSocket client library for Java from AsyncHttpClient. An authorization issue vulnerability exists in Async Http Client version 3.0.0, which stems from an automatically enabled and self-managed CookieStore handling mechanism that can lead to...

CVSS 9.2 | AI score 7.9 | EPSS 0.00576
Exploits: 0 | References: 2
Tenable Nessus
added 2024/11/25 12:0 a.m. | 11 views

EulerOS 2.0 SP12 : golang (EulerOS-SA-2024-2921)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an 'Expect: 100-continue' header with a non-information...

CVSS 7.5 | AI score 7.4 | EPSS 0.01414
Exploits: 0 | References: 2
Tenable Nessus
added 2024/11/25 12:0 a.m. | 11 views

RHEL 9 : python3.12-urllib3 (RHSA-2024:9923)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:9923 advisory. urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features that are missing from the Python standard librarie...

CVSS 6.5 | AI score 6.8 | EPSS 0.00965
Exploits: 1 | References: 5