Lucene search
K

178 matches found

Veracode
Veracode
added 2026/05/16 5:16 a.m.5 views

Improper Handling Of The HTTP Connection Header

@fastify/reply-from and @fastify/http-proxy are vulnerable to Improper Handling of the HTTP Connection Header. The vulnerability is due to processing the client-supplied Connection header after proxy-added headers have been inserted, which allows an attacker to selectively remove security, routin...

9CVSS5.8AI score0.00441EPSS
Exploits1References9Affected Software2
CVE
CVE
added 2026/05/13 9:23 p.m.23 views

CVE-2026-44437

Summary: CVE-2026-44437 affects Angular SSR before fixed versions 19.2.25, 20.3.25, 21.2.9, and 22.0.0-next.7. The vulnerability lies in the X-Forwarded-Prefix header processing: the internal validation does not properly account for URL-encoded characters (notably dots like %2e%2e), enabling enco...

6.9CVSS5.8AI score0.00203EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/05/12 7:58 a.m.5 views

SUSE-SU-2026:1818-1 Security update for python39

This update for python39 fixes the following issues: Security issues fixed: - CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF bsc1261969. - CVE-2026-3446: base64 decoding stops at first padded quad by default and ignores other information that could be processed bsc1261970...

9.1CVSS6.7AI score0.00579EPSS
Exploits1References14
SUSE Linux
SUSE Linux
added 2026/05/06 12:10 p.m.10 views

Security update for python3

This update for python3 fixes the following issues: CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives bsc1259611. CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF bsc1261969...

9.1CVSS6.7AI score0.00621EPSS
Exploits1References40
OSV
OSV
added 2026/05/06 12:9 p.m.6 views

SUSE-SU-2026:1715-1 Security update for python3

This update for python3 fixes the following issues: - CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives bsc1259611. - CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF bsc1261969. -...

9.1CVSS6.1AI score0.00621EPSS
Exploits1References21
OSV
OSV
added 2026/04/28 6:0 a.m.16 views

RLSA-2026:10950 Important: python3.12 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

8.1CVSS6.5AI score0.01279EPSS
Exploits1References12
Tenable Nessus
Tenable Nessus
added 2026/04/27 12:0 a.m.9 views

RHEL 8 : python3.12 (RHSA-2026:10950)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:10950 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

9.1CVSS7AI score0.01279EPSS
Exploits1References24
AlmaLinux
AlmaLinux
added 2026/04/27 12:0 a.m.26 views

Important: python3.12 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

9.1CVSS6.7AI score0.01279EPSS
Exploits1References24
OSV
OSV
added 2026/04/25 5:51 a.m.11 views

OESA-2026-2115 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

9.1CVSS5.5AI score0.00579EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/16 1:2 a.m.5 views

EUVD-2026-22877

Fastify's connection header abuse enables stripping of proxy-added headers...

9CVSS5.8AI score0.00441EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/04/16 1:2 a.m.9 views

Fastify's connection header abuse enables stripping of proxy-added headers

Summary @fastify/reply-from and @fastify/http-proxy process the client's Connection header after the proxy has added its own headers via rewriteRequestHeaders. This allows attackers to retroactively strip proxy-added headers like access control or identification headers from upstream requests by...

9CVSS5.9AI score0.00441EPSS
Exploits1References4Affected Software2
NVD
NVD
added 2026/04/15 11:16 a.m.8 views

CVE-2026-33805

@fastify/reply-from v12.6.1 and earlier and @fastify/http-proxy v11.4.3 and earlier process the client's Connection header after the proxy has added its own headers via rewriteRequestHeaders. This allows attackers to retroactively strip proxy-added headers from upstream requests by listing them i...

9CVSS0.00441EPSS
Exploits1References6
Snyk
Snyk
added 2026/04/15 11:15 a.m.6 views

HTTP Header Injection

Overview @fastify/reply-from is a forward your HTTP request to another server, for fastify Affected versions of this package are vulnerable to HTTP Header Injection via improper handling of the Connection header after proxy-added headers have been set. An attacker can remove headers intended for...

9CVSS5.8AI score0.00441EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/15 10:13 a.m.37 views

CVE-2026-33805 @fastify/reply-from vulnerable to connection header abuse enabling stripping of proxy-added headers

@fastify/reply-from v12.6.1 and earlier and @fastify/http-proxy v11.4.3 and earlier process the client's Connection header after the proxy has added its own headers via rewriteRequestHeaders. This allows attackers to retroactively strip proxy-added headers from upstream requests by listing them i...

9CVSS0.00441EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/15 10:13 a.m.5 views

CVE-2026-33805 @fastify/reply-from vulnerable to connection header abuse enabling stripping of proxy-added headers

@fastify/reply-from v12.6.1 and earlier and @fastify/http-proxy v11.4.3 and earlier process the client's Connection header after the proxy has added its own headers via rewriteRequestHeaders. This allows attackers to retroactively strip proxy-added headers from upstream requests by listing them i...

9CVSS5.8AI score0.00441EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/10 6:31 p.m.4 views

EUVD-2026-21519

CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host...

5.7CVSS5.8AI score0.00562EPSS
Exploits0References5
OSV
OSV
added 2026/04/10 6:16 p.m.2 views

DEBIAN-CVE-2026-1502

CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host...

5.7CVSS5.2AI score0.00562EPSS
Exploits0References1
OSV
OSV
added 2026/04/10 6:16 p.m.6 views

UBUNTU-CVE-2026-1502

CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host...

5.7CVSS5.8AI score0.00562EPSS
Exploits0References6
CVE
CVE
added 2026/04/10 5:54 p.m.48 views

CVE-2026-1502

The CVE-2026-1502 entry concerns CR/LF bytes not being rejected by HTTP client proxy tunnel headers or host, as described in both the CVE record and the CVE-List entry. The connected documents indicate this is related to HTTP client proxy tunnel header validation, without providing specific affec...

5.7CVSS5.8AI score0.00562EPSS
Exploits0References10
OSV
OSV
added 2026/04/10 5:54 p.m.13 views

PSF-2026-15

CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host...

5.7CVSS5.8AI score0.00562EPSS
Exploits0References9
Rows per page
Query Builder