281 matches found

Vulnrichment
added 2025/08/08 12:2 a.m. | 5 views

CVE-2025-54793 Astro: Duplicate trailing slash feature can lead to Open Redirects

Astro is a web framework for content-driven websites. In versions 5.2.0 through 5.12.7, there is an Open Redirect vulnerability in the trailing slash redirection logic when handling paths with double slashes. This allows an attacker to redirect users to arbitrary external domains by crafting URLs...

CVSS 6.9 | AI score 6.2 | EPSS 0.00572
Exploits: 0 | References: 2

AstraLinux
added 2025/06/16 11:28 a.m. | 7 views

Astra Linux – Vulnerability in PHP 8.2

In PHP versions starting from 8.1.* up to 8.1.32, and from 8.2.* up to 8.2.28, and from 8.3.* up to 8.3.19, as well as in PHP versions starting from 8.4.* up to 8.4.5, there is a limitation on the size of the location parameter due to the limited size of the location buffer, which is set to 1024...

CVSS 9.8 | AI score 6.5 | EPSS 0.00821
Exploits: 0 | References: 3

HackerOne
added 2025/05/22 1:15 a.m. | 626 views

curl: Memory Leak in libcurl via Location Header Handling (CWE-770)

Summary: This report details a memory leak vulnerability in libcurl that occurs when processing HTTP 3xx redirect responses containing a Location: header. Specifically, the memory allocated for the Location: header's value is not properly deallocated when the Curl_easy handle is reused for...

AI score 7.1
Exploits: 0

RedHat Linux
added 2025/05/13 1:59 p.m. | 152 views

php: Stream HTTP wrapper truncates redirect location to 1024 bytes

A flaw was found in PHP. This vulnerability allows incorrect URL truncation and redirection to the wrong location via HTTP redirect handling due to a limited location buffer size...

CVSS 9.8 | AI score 5.9 | EPSS 0.00821
Exploits: 0 | References: 5

RedHat Linux
added 2025/05/07 12:48 p.m. | 2 views

webob: WebOb's location header normalization during redirect leads to open redirect

A vulnerability was found in the WebOb package. WebOb normalizes the HTTP Location header using urlparse and urljoin. If the URL starts with //, urlparse treats the following part as the hostname, and replaces the original request's hostname. This issue, combined with user interaction, may become...

CVSS 6.1 | AI score 5.7 | EPSS 0.00497
Exploits: 1 | References: 7

OSV
added 2025/03/30 6:15 a.m. | 9 views

AZL-59306 CVE-2025-1861 affecting package php for versions less than 8.1.32-1

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing HTTP redirect in the response to an HTTP request, there is currently a limit on the location value size caused by the limited size of the location buffer (1024). However as per RFC911...

CVSS 9.8 | AI score 6.7 | EPSS 0.00821
Exploits: 0 | References: 1

OSV
added 2025/03/30 6:15 a.m. | 2 views

DEBIAN-CVE-2025-1861

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing HTTP redirect in the response to an HTTP request, there is currently a limit on the location value size caused by the limited size of the location buffer (1024). However as per RFC911...

CVSS 9.8 | AI score 6.8 | EPSS 0.00821
Exploits: 0 | References: 1

OSV
added 2025/03/30 6:15 a.m. | 6 views

AZL-59330 CVE-2025-1861 affecting package php for versions less than 8.3.19-1

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing HTTP redirect in the response to an HTTP request, there is currently a limit on the location value size caused by the limited size of the location buffer (1024). However as per RFC911...

CVSS 9.8 | AI score 6.7 | EPSS 0.00821
Exploits: 0 | References: 1

SUSE CVE
added 2025/03/16 2:48 a.m. | 2 views

SUSE CVE-2025-1861

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing HTTP redirect in the response to an HTTP request, there is currently a limit on the location value size caused by the limited size of the location buffer (1024). However as per RFC911...

CVSS 6.5 | AI score 7 | EPSS 0.00821
Exploits: 0 | References: 15

Tenable Nessus
added 2025/03/05 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2024-42353

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing th...

CVSS 6.1 | AI score 6.4 | EPSS 0.00497
Exploits: 1 | References: 3

OSV
added 2025/01/09 1:15 a.m. | 6 views

DEBIAN-CVE-2023-28362

The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header...

CVSS 4 | AI score 5.2 | EPSS 0.00332
Exploits: 2 | References: 1

OSV
added 2025/01/09 1:15 a.m. | 5 views

UBUNTU-CVE-2023-28362

The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header...

CVSS 4 | AI score 6.7 | EPSS 0.00332
Exploits: 2 | References: 5

Amazon
added 2025/01/09 12:0 a.m. | 25 views

Medium: python-webob

Issue Overview: WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urlparse, and joining it to the base URL. urlparse however treat...

CVSS 6.1 | AI score 6.7 | EPSS 0.00497
Exploits: 1

Amazon
added 2025/01/09 12:0 a.m. | 6 views

Medium: python-webob

Issue Overview: WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urlparse, and joining it to the base URL. urlparse however treat...

CVSS 6.1 | AI score 6.9 | EPSS 0.00497
Exploits: 1

VulnCheck KEV
added 2025/01/08 12:0 a.m. | 2 views

VulnCheck KEV: CVE-2024-52875

Several vulnerabilities are present in GFI KerioControl due to improper sanitization of the 'dest' GET parameter used to generate a 'Location' HTTP header. The affected endpoints include /nonauth/addCertException.cs, /nonauth/guestConfirm.cs, and /nonauth/expiration.cs. Exploitation could allow...

CVSS 8.8 | AI score 7.3 | EPSS 0.29116
Exploits: 1 | References: 1

RedHat Linux
added 2024/11/21 9:34 a.m. | 5 views

webob: WebOb's location header normalization during redirect leads to open redirect

A vulnerability was found in the WebOb package. WebOb normalizes the HTTP Location header using urlparse and urljoin. If the URL starts with //, urlparse treats the following part as the hostname, and replaces the original request's hostname. This issue, combined with user interaction, may become...

CVSS 6.1 | AI score 5.7 | EPSS 0.00497
Exploits: 1 | References: 7

RedHat Linux
added 2024/11/21 9:29 a.m. | 6 views

webob: WebOb's location header normalization during redirect leads to open redirect

A vulnerability was found in the WebOb package. WebOb normalizes the HTTP Location header using urlparse and urljoin. If the URL starts with //, urlparse treats the following part as the hostname, and replaces the original request's hostname. This issue, combined with user interaction, may become...

CVSS 6.1 | AI score 5.7 | EPSS 0.00497
Exploits: 1 | References: 7

BDU FSTEC
added 2024/10/04 12:0 a.m. | 4 views

The vulnerabilities of the functions urlparse() and urljoin() in the WebOb library, which are used for analyzing HTTP requests and generating HTTP responses, allow a hacker to redirect users to any given URL address.

The vulnerability of the urlparse and urljoin functions in the WebOb library, which are used for analyzing HTTP requests and generating HTTP responses, relates to the redirection of URLs to unreliable websites when processing the HTTP Location header. Exploiting this vulnerability allows a remote...

CVSS 6.4 | AI score 6.3 | EPSS 0.00497
Exploits: 1 | References: 8 | Affected Software: 4

RedHat Linux
added 2024/10/03 11:24 a.m. | 6 views

webob: WebOb's location header normalization during redirect leads to open redirect

A vulnerability was found in the WebOb package. WebOb normalizes the HTTP Location header using urlparse and urljoin. If the URL starts with //, urlparse treats the following part as the hostname, and replaces the original request's hostname. This issue, combined with user interaction, may become...

CVSS 6.1 | AI score 5.7 | EPSS 0.00497
Exploits: 1 | References: 7

RedHat Linux
added 2024/10/02 6:8 a.m. | 4 views

webob: WebOb's location header normalization during redirect leads to open redirect

A vulnerability was found in the WebOb package. WebOb normalizes the HTTP Location header using urlparse and urljoin. If the URL starts with //, urlparse treats the following part as the hostname, and replaces the original request's hostname. This issue, combined with user interaction, may become...

CVSS 6.1 | AI score 5.7 | EPSS 0.00497
Exploits: 1 | References: 7