6 matches found

RedhatCVE
added 2026/04/14 7:23 p.m., 1 views

CVE-2026-40074

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, redirect, when called from inside the handle server hook with a location parameter containing characters that are invalid in a HTTP header, will cause an unhandled TypeError. This...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00057
Exploits: 0, References: 1
NVD
added 2026/04/10 5:17 p.m., 0 views

CVE-2026-40074

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, redirect, when called from inside the handle server hook with a location parameter containing characters that are invalid in a HTTP header, will cause an unhandled TypeError. This...

CVSS: 7.5, EPSS: 0.00057
Exploits: 0, References: 3
Cvelist
added 2026/04/10 4:26 p.m., 20 views

CVE-2026-40074 SvelteKit's invalidated redirect in handle hook causes Denial-of-Service

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, redirect, when called from inside the handle server hook with a location parameter containing characters that are invalid in a HTTP header, will cause an unhandled TypeError. This...

CVSS: 6.3, EPSS: 0.00057
Exploits: 0, References: 3
OSV
added 2025/01/09 1:15 a.m., 4 views

DEBIAN-CVE-2023-28362

The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header...

CVSS: 4, AI score: 5.2, EPSS: 0.00207
Exploits: 2, References: 1
OSV
added 2025/01/09 1:15 a.m., 3 views

UBUNTU-CVE-2023-28362

The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header...

CVSS: 4, AI score: 6.7, EPSS: 0.00207
Exploits: 2, References: 5
CNVD
added 2020/02/06 12:0 a.m., 2 views

Waitress denial of service vulnerability

Waitress is a WSGI (Web Server Gateway Interface) server for Python. A denial of service vulnerability exists in Waitress, which can be exploited to cause a denial of service by sending specially designed headers containing invalid characters that consume all available CPU resources...

CVSS: 6.8, AI score: 6.7, EPSS: 0.13332
Exploits: 0, References: 1