733 matches found
CVE-2025-63704
NPM package query-parser-string 1.0.0 is vulnerable to Prototype Pollution. The package does not properly sanitize user supplied query parameters and merges them to the newly created object...
Query String Parser 安全漏洞
Query String Parser is a JavaScript tool for parsing query strings developed by Victor Teo. Version 1.0.0 of Query String Parser has a security vulnerability. This vulnerability arises from improper cleaning of query parameters provided by users and their merging into newly created objects, which...
Unity Linux 20.1070a Security Update: osbuild-composer (UTSA-2026-016497)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016497 advisory. The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the...
CVE-2025-63704
CVE-2025-63704 affects the NPM package [email protected] and is caused by improper sanitization of user-supplied query parameters, leading to prototype pollution (merging inputs into a newly created object). The CVSS v3.1 base score reported is 9.8 (CRITICAL) with network attack vector, n...
Improperly Controlled Modification Of Dynamically-Determined Object Attributes
Apache Camel is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes. The vulnerability is due to lack of header filtering when mapping CoAP query parameters to message headers, which allows an attacker to inject malicious headers and execute arbitrary...
CVE-2026-30246
Summary: CVE-2026-30246 affects the Go web framework Fiber (github.com/gofiber/fiber/v3) middleware/cache. The default KeyGenerator uses only the request path, omitting the query string, so requests with different query parameters can map to the same cache key, causing cross-request data mix-ups ...
CVE-2026-30246 github.com/gofiber/fiber/v3 cache middleware can mix responses across query parameters
Fiber is a web framework for Go. In github.com/gofiber/fiber/v3 versions through 3.1.0, the default key generator in the cache middleware uses only the request path and does not include the query string. As a result, requests for the same path with different query parameters can share a cache key...
CVE-2026-30246 github.com/gofiber/fiber/v3 cache middleware can mix responses across query parameters
Fiber is a web framework for Go. In github.com/gofiber/fiber/v3 versions through 3.1.0, the default key generator in the cache middleware uses only the request path and does not include the query string. As a result, requests for the same path with different query parameters can share a cache key...
Fiber 安全漏洞
Fiber is an open-source web framework written in Go. Versions of Fiber 3.1.0 and earlier contain security vulnerabilities. These vulnerabilities stem from the default key generator used in the caching middleware, which only uses the request path without including the query string. As a result,...
RHCOS 6 : Red Hat OpenShift Enterprise 1.1.1 update (Moderate) (RHSA-2013:0582)
The remote Red Hat Enterprise Linux CoreOS 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:0582 advisory. - rubygem-actionpack: Unsafe query generation CVE-2012-2660 - rubygem-activerecord: SQL injection when processing nested query...
Astra Linux - уязвимость в firefox
Due to URL previews in the network panel of developer tools improperly storing URLs, query parameters could potentially be used to overwrite global objects in privileged code. This vulnerability affects Firefox versions earlier than 110...
golang: net/url: Memory exhaustion in query parameter parsing in net/url
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...
golang: net/url: Memory exhaustion in query parameter parsing in net/url
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...
golang: net/url: Memory exhaustion in query parameter parsing in net/url
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...
golang: net/url: Memory exhaustion in query parameter parsing in net/url
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...
golang: net/url: Memory exhaustion in query parameter parsing in net/url
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...
golang: net/url: Memory exhaustion in query parameter parsing in net/url
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...
golang: net/url: Memory exhaustion in query parameter parsing in net/url
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...
Use of Cache Containing Sensitive Information
Overview Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information due to the default KeyGenerator process in the cache middleware not including query parameters when generating cache keys. An attacker can access or cause exposure of user-specific or...
Use of Cache Containing Sensitive Information
Overview Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information due to the default KeyGenerator process in the cache middleware not including query parameters when generating cache keys. An attacker can access or cause exposure of user-specific or...