CVE-2024-32980 Spin contains a potential network sandbox escape for specifically configured Spin applications

Spin is the developer tool for building and running serverless applications powered by WebAssembly. Prior to 2.4.3, some specifically configured Spin applications that use self requests without a specified URL authority can be induced to make requests to arbitrary hosts via the Host HTTP header...

CVE-2024-32980

CVE-2024-32980 affects Spin prior to 2.4.3. Specifically configured Spin applications that use self requests without a URL authority can be induced to make requests to arbitrary hosts via the Host header. Vulnerable conditions include: routing requests based on URL rather than Host while preservi...

Spin 安全漏洞

Spin is an open source software verification tool. It is used for explicit stateful logic model checking. A security vulnerability exists in Spin versions prior to 2.4.3, which stems from a specially configured Spin application that uses "self" requests without specifying URL permissions, and may...

PT-2024-25028 · Spin · Spin

Name of the Vulnerable Software and Affected Versions: Spin versions prior to 2.4.3 Description: The issue affects specifically configured Spin applications that use self requests without a specified URL authority, allowing them to be induced to make requests to arbitrary hosts via the Host HTTP...