CVE-2022-2880

Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparsable value. After fix, ReverseProxy sanitizes the quer...

CVE-2022-2880

A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an...

GO-2022-1038 Incorrect sanitization of forwarded query parameters in net/http/httputil

Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparsable value. After fix, ReverseProxy sanitizes the quer...

FreeBSD : go -- multiple vulnerabilities (854c2afb-4424-11ed-af97-adcabf310f9b)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 854c2afb-4424-11ed-af97-adcabf310f9b advisory. - The Go project reports: archive/tar: unbounded memory consumption when reading headers...

PT-2022-19246 · Go +9 · Go +9

Name of the Vulnerable Software and Affected Versions: Go versions prior to the fixed version Description: The issue concerns the ReverseProxy in Go, which includes raw query parameters from the inbound request, including unparsable parameters rejected by net/http, potentially permitting query...

Google Golang 环境问题漏洞

Google Golang is a static, strongly typed, compiled language from Google.The syntax of Go is close to C, but with differences in variable declarations.Go supports garbage collection.Go's parallel model is based on Tony Hall's Communicating Sequential Processes CSP, and other languages with a...

go -- multiple vulnerabilities

The Go project reports: archive/tar: unbounded memory consumption when reading headers Reader.Read did not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics...

CVE-2022-37461

Multiple cross-site scripting XSS vulnerabilities in Canon Medical Vitrea View 7.x before 7.7.6 allow remote attackers to inject arbitrary web script or HTML via 1 the input after the error subdirectory to the /vitrea-view/error/ subdirectory, or the 2 groupID, 3 offset, or 4 limit parameter to a...

Rocket.Chat users.list Information Disclosure Vulnerability

Rocket.Chat is an open source team chat software. An information disclosure vulnerability exists in Rocket.Chat versions prior to 4.7.5, which stems from allowing the "users.list" REST endpoint to fetch query parameters from JSON and run Users.findqueryFromClientSide, which can be exploited by an...

PT-2022-24805 · Onedev · Onedev

Name of the Vulnerable Software and Affected Versions: Onedev versions prior to 7.3.0 Description: The issue allows unauthenticated users to take over an Onedev instance if there is no properly configured reverse proxy. The "/git-prereceive-callback" endpoint, intended for localhost access, can b...

The vulnerability of the pg_queryParams() function in the PHP programming language allows a hacker to execute arbitrary code.

The vulnerability of the pgqueryParams function in the PHP programming language is related to the misuse of an uninitialized array. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

Exploit for Cross-Site Request Forgery (CSRF) in Jetbrains Teamcity

CVE-2022-24342 JetBrains TeamCity - account takeover via CSRF...

Update now! Mozilla fixes security vulnerabilities and introduces a new privacy feature for Firefox

Mozilla released version 102.0 of the Firefox browser to Release channel users on June 28, 2022. The new version fixes 20 security vulnerabilities, five of which are classified as “High”. The new version also comes with a new privacy feature that strips parameters from URLs that track you around...

UBUNTU-CVE-2022-31625

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or...

OMERO-web Sensitive Data Exposure

OMERO.web before 5.6.3 optionally allows sensitive data elements e.g., a session key to be passed as URL query parameters. If an attacker tricks a user into clicking a malicious link in OMERO.web, the information in the query parameters may be exposed in the Referer header seen by the target...

TIETEN Acronis Cyber Protect 输入验证错误漏洞

Acronis Cyber Protect is an application. Provides unified protection for your network by integrating backup, disaster recovery, artificial intelligence-based malware protection, remote assistance and security into a single, reliable tool.Acronis Cyber Protect 15 Linux, Windows is vulnerable to an...

karma input validation error vulnerability

karma is a simple tool that allows you to execute JavaScript code in multiple real browsers. karma versions prior to 6.3.16 have a security vulnerability that stems from a lack of validation of returned url query parameters, which could be exploited to perform redirect attacks...

CLSA-2022-1646085619 Fix of CVE: CVE-2020-27619, CVE-2021-23336

CVE-2020-27619: Unsafe use of eval on data retrieved via HTTP in the test suite rhbz1889886 - CVE-2021-23336: Web cache poisoning via urllib.parse.parseqsl and urllib.parse.parseqs by using a semicolon in query parameters rhbz1928904...

UIkarma 输入验证错误漏洞

karma is a simple tool that allows you to execute JavaScript code in multiple real browsers. karma versions prior to 6.3.16 have a security vulnerability that stems from a lack of validation of returned url query parameters, which could be exploited to perform redirect attacks...

CVE-2022-25196

Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP Referer header as part of the URL query parameters when the authentication process starts, allowing attackers with access to Jenkins to craft a URL that will redirect users to an attacker-specified URL after logging in...