Lucene search
K

5 matches found

Github Security Blog
Github Security Blog
added 2026/06/26 4:36 p.m.22 views

Fluentd is Vulnerable to Server-Side Request Forgery (SSRF) via Placeholder Expansion in `out_http`

The outhttp output plugin allows the use of placeholders such as $tag in the endpoint configuration parameter. It was discovered that if the placeholder value is derived from untrusted user input, an attacker can maliciously control the destination hostname of the outbound HTTP requests made by...

7.2CVSS6AI score
Exploits0References3Affected Software1
RubySec
RubySec
added 2026/06/26 12:0 a.m.5 views

Fluentd is Vulnerable to Server-Side Request Forgery (SSRF) via Placeholder Expansion in `out_http`

The outhttp output plugin allows the use of placeholders such as $tag in the endpoint configuration parameter. It was discovered that if the placeholder value is derived from untrusted user input, an attacker can maliciously control the destination hostname of the outbound HTTP requests made by...

7.2CVSS5.9AI score
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/05 2:30 p.m.6 views

CVE-2026-10879

DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The preparse method expands SQL placeholder characters to numbered binders of the form :pN, but only allocates three characters per binder in the buffer. Placeholders 10-99 require fou...

5.7AI score0.00413EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/10 12:24 a.m.5 views

SUSE CVE-2026-30852

Caddy is an extensible server platform that uses TLS by default. From version 2.7.5 to before version 2.11.2, the varsregexp matcher in vars.go:337 double-expands user-controlled input through the Caddy replacer. When varsregexp matches against a placeholder like http.request.header.X-Input, the...

7.5CVSS5.7AI score0.00401EPSS
Exploits1References4
OSV
OSV
added 2025/04/29 4:43 p.m.10 views

GHSA-VC6M-HM49-G9QG phi4mm: Quadratic Time Complexity in Input Token Processing​ leads to denial of service

Summary A critical performance vulnerability has been identified in the input preprocessing logic of the multimodal tokenizer. The code dynamically replaces placeholder tokens e.g., , with repeated tokens based on precomputed lengths. Due to ​​inefficient list concatenation operations​​, the...

6.5CVSS6.5AI score0.00426EPSS
Exploits1References4
Rows per page
Query Builder