Lucene search

727 matches found

OSV
added 2022/10/14 3:15 p.m. · 1 view

AZL-37469 CVE-2022-2880 affecting package golang for versions less than 1.21.6-1

Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparsable value. After fix, ReverseProxy sanitizes the quer...

7.5 CVSS · 6.6 AI score · 0.00031 EPSS
Exploits 1 · References 1
OSV
added 2022/10/14 3:15 p.m. · 1 view

DEBIAN-CVE-2022-2880

Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparsable value. After fix, ReverseProxy sanitizes the quer...

7.5 CVSS · 6.5 AI score · 0.00031 EPSS
Exploits 1 · References 1
Prion
added 2022/10/14 3:15 p.m. · 20 views

Design/Logic Flaw

Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparsable value. After fix, ReverseProxy sanitizes the quer...

5 CVSS · 7.5 AI score · 0.00031 EPSS
Exploits 1 · References 5 · Affected Software 1
OSV
added 2022/10/14 3:15 p.m. · 0 views

UBUNTU-CVE-2022-2880

Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparsable value. After fix, ReverseProxy sanitizes the quer...

7.5 CVSS · 6.7 AI score · 0.00031 EPSS
Exploits 1 · References 7
UbuntuCve
added 2022/10/14 3:15 p.m. · 30 views

CVE-2022-2880

Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparsable value. After fix, ReverseProxy sanitizes the quer...

7.5 CVSS · 6.8 AI score · 0.00031 EPSS
Exploits 1 · References 6
AlpineLinux
added 2022/10/14 12:0 a.m. · 32 views

CVE-2022-2880

Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparsable value. After fix, ReverseProxy sanitizes the quer...

7.5 CVSS · 7.9 AI score · 0.00031 EPSS
Exploits 1
Debian CVE
added 2022/10/14 12:0 a.m. · 62 views

CVE-2022-2880

Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparsable value. After fix, ReverseProxy sanitizes the quer...

7.5 CVSS · 6.6 AI score · 0.00031 EPSS
Exploits 1
RedhatCVE
added 2022/10/07 5:26 a.m. · 53 views

CVE-2022-2880

A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an...

7.5 CVSS · 7.4 AI score · 0.00031 EPSS
Exploits 1 · References 5
OSV
added 2022/10/06 4:42 p.m. · 24 views

GO-2022-1038 Incorrect sanitization of forwarded query parameters in net/http/httputil

Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparsable value. After fix, ReverseProxy sanitizes the quer...

7.5 CVSS · 6.5 AI score · 0.00031 EPSS
Exploits 1 · References 3
Tenable Nessus
added 2022/10/05 12:0 a.m. · 58 views

FreeBSD : go -- multiple vulnerabilities (854c2afb-4424-11ed-af97-adcabf310f9b)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 854c2afb-4424-11ed-af97-adcabf310f9b advisory. - The Go project reports: archive/tar: unbounded memory consumption when reading headers...

7.5 CVSS · 7 AI score · 0.00031 EPSS
Exploits 1 · References 5
FreeBSD
added 2022/10/04 12:0 a.m. · 28 views

go -- multiple vulnerabilities

The Go project reports: archive/tar: unbounded memory consumption when reading headers Reader.Read did not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics...

7.7 AI score
Exploits 0 · References 1
CNNVD
added 2022/10/04 12:0 a.m. · 1 view

Google Golang Environment Issue Vulnerability

Google Golang is a static, strongly typed, compiled language from Google. The syntax of Go is close to C, but with differences in variable declarations. Go supports garbage collection. Go's parallel model is based on Tony Hall's Communicating Sequential Processes (CSP), and other languages with a...

7.5 CVSS · 7 AI score · 0.00031 EPSS
Exploits 1 · References 30
Positive Technologies
added 2022/10/04 12:0 a.m. · 3 views

PT-2022-19246 · Go +9

Name of the Vulnerable Software and Affected Versions: Go versions prior to the fixed version Description: The issue concerns the ReverseProxy in Go, which includes raw query parameters from the inbound request, including unparsable parameters rejected by net/http, potentially permitting query...

9.8 CVSS · 7.2 AI score · 0.54214 EPSS
Exploits 15 · References 370
OSV
added 2022/09/30 2:15 p.m. · 1 view

CVE-2022-37461

Multiple cross-site scripting (XSS) vulnerabilities in Canon Medical Vitrea View 7.x before 7.7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the input after the error subdirectory to the /vitrea-view/error/ subdirectory, or the (2) groupID, (3) offset, or (4) limit parameter to a...

6.1 CVSS · 5.8 AI score · 0.00668 EPSS
Exploits 1 · References 3
CNVD
added 2022/09/28 12:0 a.m. · 23 views

Rocket.Chat users.list Information Disclosure Vulnerability

Rocket.Chat is an open source team chat software. An information disclosure vulnerability exists in Rocket.Chat versions prior to 4.7.5, which stems from allowing the "users.list" REST endpoint to fetch query parameters from JSON and run Users.find(queryFromClientSide), which can be exploited by an...

4.3 CVSS · 4.2 AI score · 0.0031 EPSS
Exploits 1 · References 1
Positive Technologies
added 2022/09/13 12:0 a.m. · 2 views

PT-2022-24805 · Onedev

Name of the Vulnerable Software and Affected Versions: Onedev versions prior to 7.3.0 Description: The issue allows unauthenticated users to take over an Onedev instance if there is no properly configured reverse proxy. The "/git-prereceive-callback" endpoint, intended for localhost access, can b...

9.8 CVSS · 9.7 AI score · 0.0316 EPSS
Exploits 1 · References 6
GithubExploit
added 2022/07/02 10:4 p.m. · 715 views

Exploit for Cross-Site Request Forgery (CSRF) in Jetbrains Teamcity

CVE-2022-24342 JetBrains TeamCity - account takeover via CSRF...

8.8 CVSS · 9 AI score · 0.00077 EPSS
Exploits 2
Malwarebytes
added 2022/06/30 2:1 p.m. · 58 views

Update now! Mozilla fixes security vulnerabilities and introduces a new privacy feature for Firefox

Mozilla released version 102.0 of the Firefox browser to Release channel users on June 28, 2022. The new version fixes 20 security vulnerabilities, five of which are classified as “High”. The new version also comes with a new privacy feature that strips parameters from URLs that track you around...

10 AI score · 0.00645 EPSS
Exploits 2
OSV
added 2022/06/13 12:0 a.m. · 1 view

UBUNTU-CVE-2022-31625

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or...

8.1 CVSS · 7.1 AI score · 0.01479 EPSS
Exploits 1 · References 5
Github Security Blog
added 2022/05/24 5:20 p.m. · 19 views

OMERO-web Sensitive Data Exposure

OMERO.web before 5.6.3 optionally allows sensitive data elements (e.g., a session key) to be passed as URL query parameters. If an attacker tricks a user into clicking a malicious link in OMERO.web, the information in the query parameters may be exposed in the Referer header seen by the target...

5.7 CVSS · 6.5 AI score · 0.00345 EPSS
Exploits 0 · References 4 · Affected Software 1