29 matches found
CVE-2026-42882 oxyno-zeta/s3-proxy: Security Issues in Resource Path Matching
oxyno-zeta/s3-proxy is an aws s3 proxy written in go. Prior to 5.0.0, s3-proxy contains an authentication bypass caused by inconsistent URL path interpretation between the authentication middleware and the bucket handler. The authentication middleware evaluates resource path patterns against the...
GHSA-RFGQ-WGG8-662P S3-Proxy has Security Issues in its Resource Path Matching Implementation
Background The original concern is functional: a resource pattern should treat a percent-encoded segment like some%2Fvalue as a single opaque token rather than splitting it into two path segments at the decoded /. Investigation into why %2F was being decoded and how routes matched against the...
JLSEC-2026-425 URLs containing percent-encoded slashes (`/` or `\`) can trick wcurl into saving the output file...
URLs containing percent-encoded slashes / or \ can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it. This flaw only affects the wcurl command line tool...
Interpretation Conflict
Overview Affected versions of this package are vulnerable to Interpretation Conflict via inconsistent handling of URL-encoded slashes in the path processing. An attacker can gain unauthorized access or escalate privileges by crafting requests with lowercase percent-encoded slashes that bypass...
Interpretation Conflict
Overview Affected versions of this package are vulnerable to Interpretation Conflict via inconsistent handling of URL-encoded slashes in the path processing. An attacker can gain unauthorized access or escalate privileges by crafting requests with lowercase percent-encoded slashes that bypass...
CVE-2025-11563
A flaw was found in wcurl. This vulnerability allows a remote attacker to manipulate the location where output files are saved. By crafting a malicious URL with percent-encoded slashes, the attacker can trick the wcurl command-line tool into writing files outside of the intended directory. This...
EUVD-2025-208109
URLs containing percent-encoded slashes / or \ can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it. This flaw only affects the wcurl command line tool...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the handling of URLs containing percent-encoded slashes in the UNSAFEPERCENTENCODE parameter in wcurl wrapper. An attacker can cause files to be saved outside of the intended directory by supplying specially...
CVE-2025-11563
URLs containing percent-encoded slashes / or \ can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it. This flaw only affects the wcurl command line tool...
CVE-2025-11563
URLs containing percent-encoded slashes / or \ can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it. This flaw only affects the wcurl command line tool...
UBUNTU-CVE-2025-11563
URLs containing percent-encoded slashes / or \ can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it. This flaw only affects the wcurl command line tool...
CVE-2025-11563
URLs containing percent-encoded slashes / or \ can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it. This flaw only affects the wcurl command line tool...
CVE-2025-11563 wcurl path traversal with percent-encoded slashes
URLs containing percent-encoded slashes / or \ can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it. This flaw only affects the wcurl command line tool...
CVE-2025-11563 wcurl path traversal with percent-encoded slashes
URLs containing percent-encoded slashes / or \ can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it. This flaw only affects the wcurl command line tool...
CVE-2025-11563
URLs containing percent-encoded slashes / or \ can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it. This flaw only affects the wcurl command line tool...
CVE-2025-11563
CVE-2025-11563 describes a wcurl path-traversal issue where URLs with percent-encoded slashes can cause output to be saved outside the intended directory. The connected advisories (Ubuntu USN-8062-1, Amazon Linux ALAS2025-3088/ALAS2023-2025-1317, and related Nessus/NVD/NVL entries) corroborate th...
SUSE-SU-2025:21206-1 Security update for curl
This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes bsc1253757...
SUSE-SU-2025:21198-1 Security update for curl
This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes bsc1253757...
Medium: curl
Issue Overview: wcurl path traversal with percent-encoded slashes URLs containing percent-encoded slashes / or \ can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it. CVE-2025-11563 Affected Packages: curl Note: This advisory is...
Amazon Linux 2 : curl, --advisory ALAS2-2025-3088 (ALAS-2025-3088)
The version of curl installed on the remote host is prior to 8.3.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3088 advisory. wcurl path traversal with percent-encoded slashes URLs containing percent-encoded slashes / or \ can trick wcurl into saving the outpu...