20 matches found
CVE-2026-33806
A flaw was found in Fastify. A remote attacker could exploit this vulnerability by prepending a space to the Content-Type header in a request. This action bypasses the application's schema validation, allowing the attacker to submit data that would otherwise be rejected. This could lead to...
EUVD-2026-22818
Fastify has a Body Schema Validation Bypass via Leading Space in Content-Type Header...
Fastify has a Body Schema Validation Bypass via Leading Space in Content-Type Header
Summary A validation bypass vulnerability exists in Fastify v5.x where request body validation schemas specified via schema.body.content can be completely circumvented by prepending a single space character \x20 to the Content-Type header. The body is still parsed correctly as JSON or any other...
GHSA-247C-9743-5963 Fastify has a Body Schema Validation Bypass via Leading Space in Content-Type Header
Summary A validation bypass vulnerability exists in Fastify v5.x where request body validation schemas specified via schema.body.content can be completely circumvented by prepending a single space character \x20 to the Content-Type header. The body is still parsed correctly as JSON or any other...
Improper Validation of Specified Type of Input
Overview fastify is an overhead web framework, for Node.js. Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input via the schema.body.content when a space is prepended to the Content-Type header. An attacker can bypass input validation by sending...
CVE-2026-33806
Impact: Fastify applications using schema.body.content for per-content-type body validation can have validation bypassed entirely by prepending a space to the Content-Type header. The body is still parsed correctly but schema validation is skipped. This is a regression introduced in fastify = 5.3...
CVE-2026-33806 fastify vulnerable to Body Schema Validation Bypass via Leading Space in Content-Type Header
Impact: Fastify applications using schema.body.content for per-content-type body validation can have validation bypassed entirely by prepending a space to the Content-Type header. The body is still parsed correctly but schema validation is skipped. This is a regression introduced in fastify = 5.3...
PT-2026-33000
Impact: Fastify applications using schema.body.content for per-content-type body validation can have validation bypassed entirely by prepending a space to the Content-Type header. The body is still parsed correctly but schema validation is skipped. This is a regression introduced in fastify = 5.3...
SUSE-SU-2025:20180-1 Security update for procps
This update for procps fixes the following issues: - Fixed regression introduced with the CVE-2023-4016 fix. The ps command segfaults when pid argument has a leading space bsc1236842...
Security update for procps
This update for procps fixes the following issues: Fixed regression introduced with the CVE-2023-4016 fix. The ps command segfaults when pid argument has a leading space bsc1236842. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdat...
Security update for procps
This update for procps fixes the following issues: Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid argument has a leading space bsc1236842, bsc1214290. Patch Instructions: To install this SUSE update use the SUSE recommended...
Security update for procps
This update for procps fixes the following issues: Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid argument has a leading space bsc1236842, bsc1214290. Patch Instructions: To install this SUSE update use the SUSE recommended...
SUSE CVE-2006-2920
Sylpheed-Claws before 2.2.2 and Sylpheed before 2.2.6 allow remote attackers to bypass the URI check functionality and makes it easier to conduct phishing attacks via a URI that begins with a space character...
SUSE CVE-2015-1840
jqueryujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space...
UBUNTU-CVE-2015-1840
jqueryujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space...
DEBIAN-CVE-2015-1840
jqueryujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space...
CVE-2015-1840
jqueryujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space...
PT-2011-1636 · Cisco · Cisco Asa
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliances ASA 5500 series devices versions prior to 8.23 Description: The issue allows remote attackers to bypass SMTP inspection via vectors involving a prepended space character. Recommendations: For versions prior ...
DEBIAN-CVE-2006-2920
Sylpheed-Claws before 2.2.2 and Sylpheed before 2.2.6 allow remote attackers to bypass the URI check functionality and makes it easier to conduct phishing attacks via a URI that begins with a space character...
DEBIAN-CVE-2005-0173
squidldapauth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists ACLs via a username with a space at the beginning or end, which is ignored by the LDAP server...