Lucene search
K

30 matches found

Cvelist
Cvelist
added 2026/06/16 11:10 p.m.16 views

CVE-2026-44587 CarrierWave has a denylisted_content_type bypass via Unescaped Regex Metacharacters

CarrierWave is a framework to upload files from Ruby applications. In versions prior to 2.2.7 and 3.1.3, the contenttypedenylist check fails to escape regex metacharacters in string entries, causing the denylist to silently not match the content types it is intended to block. In...

4.7CVSS0.00223EPSS
Exploits1References3
CVE
CVE
added 2026/06/16 11:10 p.m.22 views

CVE-2026-44587

CarrierWave (Ruby) before versions 2.2.7 and 3.1.3 contains a denylisted_content_type bypass: denylist entries are interpolated into a regex without Regexp.quote or a start anchor, so entries like image/svg+xml render the pattern that fails to match the real MIME type (e.g., /image/svg+x/). This ...

6.1CVSS5.4AI score0.00223EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/06/10 12:31 a.m.11 views

EUVD-2026-35878

BuddyPress 14.4.0 contains a regular expression injection vulnerability in the activity mention resolver that, when username compatibility mode is enabled, allows attackers to manipulate a REGEXP database clause by crafting mention names containing regex metacharacters. Attackers can submit...

7.1CVSS5.5AI score0.00288EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/04 2:24 p.m.81 views

Axios: Regular Expression Denial of Service (ReDoS) via Cookie Name Injection

Summary Axios versions before 0.32.0 on the 0.x line and before 1.16.0 on the 1.x line build a regular expression from the configured XSRF cookie name without escaping regex metacharacters. In standard browser environments, an attacker who can influence the cookie name passed to axios can cause...

7.5CVSS6AI score0.00645EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/05/27 12:3 a.m.10 views

GHSA-7G26-2QGJ-CHFG CarrierWave has a denylisted_content_type bypass via Unescaped Regex Metacharacters

Summary CarrierWave's contenttypedenylist check fails to escape regex metacharacters in string entries, causing the denylist to silently not match the content types it is intended to block. Note: CarrierWave is aware contenttypedenylist is deprecated for the security reason, but it still used by...

4.7CVSS5.9AI score0.00223EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.17 views

PT-2026-43454

Name of the Vulnerable Software and Affected Versions CarrierWave versions prior to 2.2.7 CarrierWave versions prior to 3.1.3 Description CarrierWave is a framework used to upload files from Ruby applications. The content type denylist check fails to escape regex metacharacters in string entries,...

4.7CVSS5.3AI score0.00223EPSS
Exploits1References9
OSV
OSV
added 2026/04/21 5:17 p.m.5 views

GHSA-7GCJ-PHFF-2884 Signal K Server has an Unauthenticated Regular Expression Denial of Service (ReDoS) via WebSocket Subscription Paths

Summary The SignalK server is vulnerable to an unauthenticated Regular Expression Denial of Service ReDoS attack within its WebSocket subscription handling logic. By injecting unescaped regex metacharacters into the context parameter of a stream subscription, an attacker can force the server's...

7.5CVSS5.8AI score0.00427EPSS
Exploits1References6
SUSE CVE
SUSE CVE
added 2026/04/03 11:24 p.m.7 views

SUSE CVE-2026-34763

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Directory interpolates the configured root path directly into a regular expression when deriving the displayed directory path. If root contains regex metacharacters such as +, , or ., the prefix...

5.3CVSS5.8AI score0.0024EPSS
Exploits0References6
OSV
OSV
added 2026/04/02 8:32 p.m.4 views

GHSA-7MQQ-6CF9-V2QP Rack has a root directory disclosure via unescaped regex interpolation in Rack::Directory

Summary Rack::Directory interpolates the configured root path directly into a regular expression when deriving the displayed directory path. If root contains regex metacharacters such as +, , or ., the prefix stripping can fail and the generated directory listing may expose the full filesystem pa...

5.3CVSS6AI score0.0024EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/02 4:43 p.m.1 views

CVE-2026-34763

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Directory interpolates the configured root path directly into a regular expression when deriving the displayed directory path. If root contains regex metacharacters such as +, , or ., the prefix...

5.3CVSS5.8AI score0.0024EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/02/09 8:15 p.m.5 views

CVE-2026-25478

Litestar is an Asynchronous Server Gateway Interface ASGI framework. Prior to 2.20.0, CORSConfig.allowedoriginsregex is constructed using a regex built from configured allowlist values and used with fullmatch for validation. Because metacharacters are not escaped, a malicious origin can match...

7.4CVSS0.00383EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/02/09 6:48 p.m.2 views

CVE-2026-25479 Litestar has an AllowedHosts validation bypass due to unescaped regex metacharacters in configured host patterns

Litestar is an Asynchronous Server Gateway Interface ASGI framework. Prior to 2.20.0, in litestar.middleware.allowedhosts, allowlist entries are compiled into regex patterns in a way that allows regex metacharacters to retain special meaning e.g., . matches any character. This enables a bypass...

6.5CVSS5.5AI score0.00316EPSS
Exploits1References4
CVE
CVE
added 2026/02/09 6:48 p.m.15 views

CVE-2026-25479

Litestar is an ASGI framework. Prior to 2.20.0, litestar.middleware.allowed_hosts compiles allowlist entries into regex patterns in a way that lets regex metacharacters retain special meaning (e.g., . matches any character). This can enable a bypass where a host that matches the regex is not the ...

6.5CVSS5.5AI score0.00316EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/02/09 6:48 p.m.4 views

CVE-2026-25479 Litestar has an AllowedHosts validation bypass due to unescaped regex metacharacters in configured host patterns

Litestar is an Asynchronous Server Gateway Interface ASGI framework. Prior to 2.20.0, in litestar.middleware.allowedhosts, allowlist entries are compiled into regex patterns in a way that allows regex metacharacters to retain special meaning e.g., . matches any character. This enables a bypass...

6.5CVSS5.5AI score0.00316EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/02/09 6:48 p.m.23 views

CVE-2026-25479 Litestar has an AllowedHosts validation bypass due to unescaped regex metacharacters in configured host patterns

Litestar is an Asynchronous Server Gateway Interface ASGI framework. Prior to 2.20.0, in litestar.middleware.allowedhosts, allowlist entries are compiled into regex patterns in a way that allows regex metacharacters to retain special meaning e.g., . matches any character. This enables a bypass...

6.5CVSS0.00316EPSS
Exploits1References4
OSV
OSV
added 2026/02/09 6:46 p.m.5 views

CVE-2026-25478 Litestar has a CORS origin allowlist bypass due to unescaped regex metacharacters in allowed origins

Litestar is an Asynchronous Server Gateway Interface ASGI framework. Prior to 2.20.0, CORSConfig.allowedoriginsregex is constructed using a regex built from configured allowlist values and used with fullmatch for validation. Because metacharacters are not escaped, a malicious origin can match...

7.4CVSS5.5AI score0.00383EPSS
Exploits1References6
CVE
CVE
added 2026/02/09 6:46 p.m.11 views

CVE-2026-25478

Litestar (ASGI framework) contains a vulnerability in CORSConfig.allowed_origins_regex prior to 2.20.0 where a regex built from allowlist values is used with fullmatch without escaping metacharacters, allowing a malicious origin to match unexpectedly. Impact is indicated as HIGH (CVSS 3.1: AV:N/A...

7.4CVSS5.5AI score0.00383EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/09 5:19 p.m.7 views

Litestar's AllowedHosts has a validation bypass due to unescaped regex metacharacters in configured host patterns

Summary AllowedHosts host validation can be bypassed because configured host patterns are turned into regular expressions without escaping regex metacharacters notably .. A configured allowlist entry like example.com can match exampleXcom Details In litestar.middleware.allowedhosts, allowlist...

6.5CVSS5.5AI score0.00316EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2026/02/09 5:18 p.m.6 views

GHSA-2P2X-HPG8-CQP2 Litestar's CORS origin allowlist has a bypass due to unescaped regex metacharacters in allowed origins

Summary CORS origin validation can be bypassed because the allowed-origins allowlist is compiled into a regex without escaping metacharacters notably .. An allowed origin like https://good.example can match https://goodXexample, resulting in Access-Control-Allow-Origin being set for an untrusted...

7.4CVSS5.4AI score0.00383EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2022/05/17 3:29 a.m.22 views

Radicale regex metacharacters injection in the user name

Radicale before 1.1 allows remote authenticated users to bypass ownerwrite and owneronly limitations via regex metacharacters in the user name, as demonstrated by...

5.3CVSS6.4AI score0.02219EPSS
Exploits0References13Affected Software1
Rows per page
Query Builder