RHEL 9 : pcs (RHSA-2025:19512)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:19512 advisory. The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: rubygem-rack: Rack...
CVE-2024-51999
Express.js is a minimalist web framework for Node. Prior to 5.2.0 and 4.22.0, when using the extended query parser in Express ('query parser': 'extended'), the request.query object inherits all object prototype properties, but these properties can be overwritten by query string parameter keys that match...
CVE-2024-51999
Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error and is not a valid vulnerability. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage...
CVE-2024-51999
CVE-2024-51999 is rejected and not a valid vulnerability entry.
EUVD-2025-200074
express improperly controls modification of query properties...
GHSA-PJ86-CFQH-VQX6 Withdrawn Advisory: express improperly controls modification of query properties
Withdrawn Advisory This advisory has been withdrawn because it describes a correctness bug, not a vulnerability with real security impact. This link is maintained to preserve external references. Original Description Impact when using the extended query parser in express 'query parser': 'extended...
PT-2025-48543
Name of the Vulnerable Software and Affected Versions Express.js versions prior to 5.2.0 Express.js versions prior to 4.22.0 Description Express.js, a minimalist web framework for Node.js, is affected by an issue where the request.query object inherits all object prototype properties when using t...
TencentOS Server 4: rubygem-rack (TSSA-2025:0410)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0410 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters
An unsafe default behavior in Rack::QueryParser allows bypass of the params_limit parameter count restriction when query string parameters are delimited by semicolons (;) rather than ampersands (&). The parser counts only & when enforcing the limit, while still splitting on both & and ;. As a result, ...
RHEL 8 / 9 : Satellite 6.16.5.5 Async Update (Important) (RHSA-2025:19855)
The remote Red Hat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:19855 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessi...
Important: Red Hat Security Advisory: Satellite 6.16.5.5 Async Update
An update is now available for Red Hat Satellite 6.16 for RHEL 8 and RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...