281 matches found
CVE-2025-54793 Astro: Duplicate trailing slash feature can lead to Open Redirects
Astro is a web framework for content-driven websites. In versions 5.2.0 through 5.12.7, there is an Open Redirect vulnerability in the trailing slash redirection logic when handling paths with double slashes. This allows an attacker to redirect users to arbitrary external domains by crafting URLs...
Astra Linux – Vulnerability in PHP 8.2
In PHP versions starting from 8.1. up to 8.1.32, and from 8.2. up to 8.2.28, and from 8.3. up to 8.3.19, as well as in PHP versions starting from 8.4. up to 8.4.5, there is a limitation on the size of the location parameter due to the limited size of the location buffer, which is set to 1024...
curl: Memory Leak in libcurl via Location Header Handling (CWE-770)
Summary: This report details a memory leak vulnerability in libcurl that occurs when processing HTTP 3xx redirect responses containing a Location: header. Specifically, the memory allocated for the Location: header's value is not properly deallocated when the Curleasy handle is reused for...
php: Stream HTTP wrapper truncates redirect location to 1024 bytes
A flaw was found in PHP. This vulnerability allows incorrect URL truncation and redirection to the wrong location via HTTP redirect handling due to a limited location buffer size...
webob: WebOb's location header normalization during redirect leads to open redirect
A vulnerability was found in the WebOb package. WebOb normalizes the HTTP Location header using urlparse and urljoin. If the URL starts with //, urlparse treats the following part as the hostname, and replaces the original request's hostname. This issue, combined with user interaction, may become...
AZL-59306 CVE-2025-1861 affecting package php for versions less than 8.1.32-1
In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when parsing HTTP redirect in the response to an HTTP request, there is currently limit on the location value size caused by limited size of the location buffer to 1024. However as per RFC911...
DEBIAN-CVE-2025-1861
In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when parsing HTTP redirect in the response to an HTTP request, there is currently limit on the location value size caused by limited size of the location buffer to 1024. However as per RFC911...
AZL-59330 CVE-2025-1861 affecting package php for versions less than 8.3.19-1
In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when parsing HTTP redirect in the response to an HTTP request, there is currently limit on the location value size caused by limited size of the location buffer to 1024. However as per RFC911...
SUSE CVE-2025-1861
In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when parsing HTTP redirect in the response to an HTTP request, there is currently limit on the location value size caused by limited size of the location buffer to 1024. However as per RFC911...
Linux Distros Unpatched Vulnerability : CVE-2024-42353
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing th...
DEBIAN-CVE-2023-28362
The redirectto method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header...
UBUNTU-CVE-2023-28362
The redirectto method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header...
Medium: python-webob
Issue Overview: WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urlparse, and joining it to the base URL. urlparse however treat...
Medium: python-webob
Issue Overview: WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urlparse, and joining it to the base URL. urlparse however treat...
VulnCheck KEV: CVE-2024-52875
Several vulnerabilities are present in GFI KerioControl due to improper sanitization of the 'dest' GET parameter used to generate a 'Location' HTTP header. The affected endpoints include /nonauth/addCertException.cs, /nonauth/guestConfirm.cs, and /nonauth/expiration.cs. Exploitation could allow...
webob: WebOb's location header normalization during redirect leads to open redirect
A vulnerability was found in the WebOb package. WebOb normalizes the HTTP Location header using urlparse and urljoin. If the URL starts with //, urlparse treats the following part as the hostname, and replaces the original request's hostname. This issue, combined with user interaction, may become...
webob: WebOb's location header normalization during redirect leads to open redirect
A vulnerability was found in the WebOb package. WebOb normalizes the HTTP Location header using urlparse and urljoin. If the URL starts with //, urlparse treats the following part as the hostname, and replaces the original request's hostname. This issue, combined with user interaction, may become...
The vulnerabilities of the functions urlparse() and urljoin() in the WebOb library, which are used for analyzing HTTP requests and generating HTTP responses, allow a hacker to redirect users to any given URL address.
The vulnerability of the urlparse and urljoin functions in the WebOb library, which are used for analyzing HTTP requests and generating HTTP responses, relates to the redirection of URLs to unreliable websites when processing the HTTP Location header. Exploiting this vulnerability allows a remote...
webob: WebOb's location header normalization during redirect leads to open redirect
A vulnerability was found in the WebOb package. WebOb normalizes the HTTP Location header using urlparse and urljoin. If the URL starts with //, urlparse treats the following part as the hostname, and replaces the original request's hostname. This issue, combined with user interaction, may become...
webob: WebOb's location header normalization during redirect leads to open redirect
A vulnerability was found in the WebOb package. WebOb normalizes the HTTP Location header using urlparse and urljoin. If the URL starts with //, urlparse treats the following part as the hostname, and replaces the original request's hostname. This issue, combined with user interaction, may become...