1270 matches found
Incorrect Authorization
Overview io.quarkus:quarkus-vertx-http is a Cloud Native, Linux Container First framework for writing Java applications. Affected versions of this package are vulnerable to Incorrect Authorization when handling HTTP request paths that have had normalizedPath applied. An attacker can gain...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization when handling HTTP request paths that have had normalizedPath applied. An attacker can gain unauthorized access to protected resources by appending a semicolon and arbitrary text to the request URL, exploiting...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization when handling HTTP request paths that have had normalizedPath applied. An attacker can gain unauthorized access to protected resources by appending a semicolon and arbitrary text to the request URL, exploiting...
Security Bulletin: Axios NO_PROXY Bypass via Improper Hostname Normalization Leads to SSRF
Summary Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NOPROXY rules. Requests to loopback addresses like localhost. with a trailing dot or ::1 IPv6 literal skip NOPROXY matching an...
PT-2026-36888
Name of the Vulnerable Software and Affected Versions Detect-It-Easy versions prior to 3.21 Description Insufficient path normalization during archive extraction allows attackers to write arbitrary files to the filesystem. By crafting malicious archive entries using absolute paths or relative...
Astra Linux - уязвимость в linux, linux-5.15, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: In ext4, the “set goal start” operation is performed correctly in ext4mbnormalizerequest. We need to set acgex to notify the “goal start” used in ext4mbfindbygoal. Set acgex instead of acfex in ext4mbnormalizerequest. Additionall...
GHSA-G36M-9G3M-2VMP Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization
Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization. Specially crafted WS-Policy documents can trigger an exponential Cartesian cross-product expansion during the normalization process, causing unbounded memory allocation that exhausts...
GHSA-2HFH-9H53-QC24 Apache Neethi does not properly detect circular references in policy definitions.
Apache Neethi does not properly detect circular references in policy definitions. When a WS-Policy document contains circular policy references where Policy A references Policy B which references Policy A, the policy normalization process can enter an infinite loop or cause excessive recursion,...
Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization
Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization. Specially crafted WS-Policy documents can trigger an exponential Cartesian cross-product expansion during the normalization process, causing unbounded memory allocation that exhausts...
CVE-2026-42402
Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization. Specially crafted WS-Policy documents can trigger an exponential Cartesian cross-product expansion during the normalization process, causing unbounded memory allocation that exhausts...
EUVD-2026-26485
Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization. Specially crafted WS-Policy documents can trigger an exponential Cartesian cross-product expansion during the normalization process, causing unbounded memory allocation that exhausts...
CVE-2026-42402
Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization. Specially crafted WS-Policy documents can trigger an exponential Cartesian cross-product expansion during the normalization process, causing unbounded memory allocation that exhausts...
CVE-2026-42402 Apache Neethi: Policy Normalization Unbounded Resource Allocation DoS
Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization. Specially crafted WS-Policy documents can trigger an exponential Cartesian cross-product expansion during the normalization process, causing unbounded memory allocation that exhausts...
CVE-2026-42402 Apache Neethi: Policy Normalization Unbounded Resource Allocation DoS
Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization. Specially crafted WS-Policy documents can trigger an exponential Cartesian cross-product expansion during the normalization process, causing unbounded memory allocation that exhausts...
CVE-2026-42402
CVE-2026-42402 describes a Denial of Service in Apache Neethi due to algorithmic complexity in policy normalization. Crafted WS-Policy documents can trigger an exponential Cartesian cross-product expansion, causing unbounded memory growth and JVM heap exhaustion during normalization when too many...
CVE-2026-42403 Apache Neethi: Circular Policy Reference Infinite Loop
Apache Neethi does not properly detect circular references in policy definitions. When a WS-Policy document contains circular policy references where Policy A references Policy B which references Policy A, the policy normalization process can enter an infinite loop or cause excessive recursion,...
EUVD-2026-26486
Apache Neethi does not properly detect circular references in policy definitions. When a WS-Policy document contains circular policy references where Policy A references Policy B which references Policy A, the policy normalization process can enter an infinite loop or cause excessive recursion,...
CVE-2026-42403 Apache Neethi: Circular Policy Reference Infinite Loop
Apache Neethi does not properly detect circular references in policy definitions. When a WS-Policy document contains circular policy references where Policy A references Policy B which references Policy A, the policy normalization process can enter an infinite loop or cause excessive recursion,...
Apache Neethi 资源管理错误漏洞
Apache Neethi is a policy processing framework library developed by the Apache Foundation. There is a resource management vulnerability in Apache Neethi; this vulnerability stems from an improper detection of circular references in policy definitions. This can cause the policy normalization proce...
PT-2026-36309
Name of the Vulnerable Software and Affected Versions Apache Neethi versions prior to 3.2.2 Description An issue exists in policy normalization where algorithmic complexity allows for a Denial of Service attack. Specially crafted WS-Policy documents can trigger an exponential Cartesian...