134 matches found

Vulnrichment, added 2024/12/19 6:43 p.m.

CVE-2024-56200 Uncontrolled Recursion and Asymmetric Resource Consumption in Altair media/file proxy

Altair is a fork of Misskey v12. In affected versions, a lack of request validation and a lack of authentication in the image proxy for compressing and resizing remote files could allow attacks that affect availability, such as by abnormally increasing the CPU usage of the server on which this...

CVSS 8.6 | AI score 7.2 | EPSS 0.00579 | Exploits 0 | References 3
OSV, added 2024/12/19 6:43 p.m.

CVE-2024-56200 Uncontrolled Recursion and Asymmetric Resource Consumption in Altair media/file proxy

Altair is a fork of Misskey v12. In affected versions, a lack of request validation and a lack of authentication in the image proxy for compressing and resizing remote files could allow attacks that affect availability, such as by abnormally increasing the CPU usage of the server on which this...

CVSS 8.6 | AI score 7 | EPSS 0.00579 | Exploits 0 | References 5
Positive Technologies, added 2024/12/19 12:00 a.m.

PT-2024-36737 · Altair · Altair

Name of the Vulnerable Software and Affected Versions: Altair versions prior to v12.24Q4.1. Description: The issue is related to a lack of validation and authentication in the image proxy for compressing and resizing remote files, which could allow attacks affecting availability. This could result...

CVSS 8.6 | AI score 7.5 | EPSS 0.00579 | Exploits 0 | References 9
CNNVD, added 2024/12/19 12:00 a.m.

Altair resource management error vulnerability

Altair is a beautiful and feature-rich GraphQL client IDE from the Altair GraphQL open source. A resource management error vulnerability exists in versions prior to Altair v12.24Q3.2, which stems from a lack of request validation and a lack of authentication in the image proxy, and the...

CVSS 8.6 | AI score 6.7 | EPSS 0.00579 | Exploits 0 | References 3
vulnersOsv, added 2024/11/05 12:00 p.m.

assemblylift-cli (>=0.4.0-alpha.5 <=0.4.0-alpha.11), assemblylift-core (>=0.4.0-alpha.10 <=0.4.0-alpha.11) +93 more potentially affected by CVE-2024-51756 via cap-primitives (>=0.10.0 <=3.0.0)

cap-primitives CARGO version =0.10.0, =0.4.0-alpha.5, =0.4.0-alpha.10, =0.1.0, =0.3.0, =0.1.0, =0.7.0, =1.0.11, =0.1.0, =0.1.1, =0.1.0, =0.3.0, =0.5.2, =0.1.1, =0.1.0, =0.1.0, =0.2.3 and more. Source CVEs: CVE-2024-51756. Source advisory: OSV:RUSTSEC-2024-0445...

CVSS 2.3 | AI score 5.8 | EPSS 0.0056 | Exploits 0
Veracode, added 2024/10/18 9:57 a.m.

Denial of Service (DoS)

github.com/mattermost/mattermost-server is vulnerable to Denial of Service (DoS). The vulnerability is due to improper memory management in the image proxy component, which allows an attacker to allocate excessive memory for multiple copies of proxied images without adequately handling large file...

CVSS 6.5 | AI score 6.6 | EPSS 0.00882 | Exploits 0 | References 2 | Affected Software 1
OSV, added 2024/03/06 8:36 p.m.

CVE-2024-27926 RSSHub Cross-site Scripting vulnerability caused by internal media proxy

RSSHub is an open source RSS feed generator. Starting in version 1.0.0-master.cbbd829 and prior to version 1.0.0-master.d8ca915, when a specially crafted image is supplied to the internal media proxy, it proxies the image without handling XSS vulnerabilities, allowing for the execution of...

CVSS 6.1 | AI score 6.1 | EPSS 0.00521 | Exploits 0 | References 4
OSV, added 2024/03/06 11:04 a.m.

BIT-MATTERMOST-2022-1337

The image proxy component in Mattermost version 6.4.1 and earlier allocates memory for multiple copies of a proxied image, which allows an authenticated attacker to crash the server via links to very large image files...

CVSS 6.5 | AI score 5.1 | EPSS 0.00882 | Exploits 0 | References 2
Vulnrichment, added 2023/10/16 6:32 p.m.

CVE-2023-45660 Require strict cookies for image proxy requests in Nextcloud Mail

Nextcloud Mail is an email app for the Nextcloud home server platform. In affected versions, a missing check of origin, target and cookies allows an attacker to abuse the proxy endpoint to mount a denial of service against a third server. It is recommended that Nextcloud Mail be upgraded to 2.2.8 or 3.3.0...

CVSS 4.3 | AI score 6.7 | EPSS 0.00601 | Exploits 0 | References 3
Nextcloud, added 2023/10/16 7:24 a.m.

Require strict cookies for image proxy requests

None...

CVSS 4.3 | AI score 4.8 | EPSS 0.00601 | Exploits 0 | References 2 | Affected Software 1
BDU FSTEC, added 2023/09/25 12:00 a.m.

The vulnerability of the image_proxy.php component in the LibreY search engine allows a hacker to perform an SSRF attack.

The vulnerability of the imageproxy.php component in the LibreY search engine is related to insufficient checking of incoming requests. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack remotely...

CVSS 9.4 | AI score 7.6 | EPSS 0.00717 | Exploits 1 | References 4 | Affected Software 1
OSV, added 2023/09/04 5:32 p.m.

CVE-2023-41054 LibreY Server-Side Request Forgery (SSRF) vulnerability in image_proxy.php

LibreY is a fork of LibreX, a framework-less and javascript-free privacy respecting meta search engine. LibreY is subject to a Server-Side Request Forgery (SSRF) vulnerability in the imageproxy.php file of LibreY before commit 8f9b9803f231e2954e5b49987a532d28fe50a627. This vulnerability allows remo...

CVSS 8.2 | AI score 7 | EPSS 0.00717 | Exploits 1 | References 4
NVD, added 2023/03/17 8:15 p.m.

CVE-2023-27592

Miniflux is a feed reader. Since v2.0.25, Miniflux will automatically proxy images served over HTTP to prevent mixed content errors. When an outbound request made by the Go HTTP client fails, the html.ServerError is returned unescaped without the expected Content Security Policy header added to...

CVSS 5.4 | AI score 5.6 | EPSS 0.00586 | Exploits 0 | References 7
Prion, added 2023/03/17 8:15 p.m.

Design/Logic Flaw

Miniflux is a feed reader. Since v2.0.25, Miniflux will automatically proxy images served over HTTP to prevent mixed content errors. When an outbound request made by the Go HTTP client fails, the html.ServerError is returned unescaped without the expected Content Security Policy header added to...

CVSS 4.9 | AI score 5.8 | EPSS 0.00586 | Exploits 0 | References 7 | Affected Software 1
Vulnrichment, added 2023/03/17 7:04 p.m.

CVE-2023-27592 Stored XSS in Miniflux when opening a broken image due to unescaped ServerError in proxy handler

Miniflux is a feed reader. Since v2.0.25, Miniflux will automatically proxy images served over HTTP to prevent mixed content errors. When an outbound request made by the Go HTTP client fails, the html.ServerError is returned unescaped without the expected Content Security Policy header added to...

CVSS 4.8 | AI score 5.9 | EPSS 0.00586 | Exploits 0 | References 7
OSV, added 2023/03/17 7:04 p.m.

CVE-2023-27592 Stored XSS in Miniflux when opening a broken image due to unescaped ServerError in proxy handler

Miniflux is a feed reader. Since v2.0.25, Miniflux will automatically proxy images served over HTTP to prevent mixed content errors. When an outbound request made by the Go HTTP client fails, the html.ServerError is returned unescaped without the expected Content Security Policy header added to...

CVSS 4.8 | AI score 5.8 | EPSS 0.00586 | Exploits 0 | References 9
Cvelist, added 2023/03/17 7:04 p.m.

CVE-2023-27592 Stored XSS in Miniflux when opening a broken image due to unescaped ServerError in proxy handler

Miniflux is a feed reader. Since v2.0.25, Miniflux will automatically proxy images served over HTTP to prevent mixed content errors. When an outbound request made by the Go HTTP client fails, the html.ServerError is returned unescaped without the expected Content Security Policy header added to...

CVSS 4.8 | AI score 6.1 | EPSS 0.00586 | Exploits 0 | References 7
Positive Technologies, added 2023/03/17 12:00 a.m.

PT-2023-21232 · Miniflux · Miniflux

Name of the Vulnerable Software and Affected Versions: Miniflux versions 2.0.25 through 2.0.42. Description: The issue arises when Miniflux automatically proxies images served over HTTP to prevent mixed content errors. If an outbound request made by the Go HTTP client fails, the html.ServerError i...

CVSS 5.4 | AI score 7.6 | EPSS 0.00586 | Exploits 0 | References 12
Cvelist, added 2022/08/31 7:15 p.m.

CVE-2022-36048 IP address leak via image proxy bypass in Zulip Server

Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. When displaying messages with embedded remote images, Zulip normally loads the image preview via a go-camo proxy server. However, an attacker who can send messages could include a crafted URL...

CVSS 4.3 | AI score 4.7 | EPSS 0.00507 | Exploits 0 | References 1
Vulnrichment, added 2022/08/31 7:15 p.m.

CVE-2022-36048 IP address leak via image proxy bypass in Zulip Server

Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. When displaying messages with embedded remote images, Zulip normally loads the image preview via a go-camo proxy server. However, an attacker who can send messages could include a crafted URL...

CVSS 4.3 | AI score 4.4 | EPSS 0.00507 | Exploits 0 | References 1