Lucene search
K

523 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Flask

Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches Set-Cookie headers, it may send one client’s session...

7.5CVSS7.1AI score0.01261EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/06/19 1:57 a.m.9 views

SUSE CVE-2026-11525

Impact: When undici parses a Set-Cookie header, it accepts any SameSite attribute value that contains Strict, Lax, or None as a substring, rather than the case-insensitive exact match specified by RFC 6265. Non-spec values are silently mapped to one of the three standard tokens. For example,...

3.7CVSS5.9AI score0.00248EPSS
Exploits0References7
Snyk
Snyk
added 2026/06/17 6:22 p.m.9 views

Permissive List of Allowed Inputs

Overview undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Permissive List of Allowed Inputs via permissive substring matching in the Set-Cookie attribute parsing. An attacker can weaken cookie SameSite enforcement by crafting a...

8.3CVSS5.9AI score0.00248EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/17 6:21 p.m.9 views

CRLF Injection

Overview undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to CRLF Injection in the parseSetCookie. An attacker can inject arbitrary HTTP headers by supplying specially crafted percent-encoded values in the Set-Cookie header, which...

9.2CVSS6AI score0.00257EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 6:18 p.m.18 views

CVE-2026-9679

Impact: undici's cookie parser in parseSetCookie percent-decodes cookie values via qsUnescape, turning encoded sequences like %0D%0A, %00, %3B, and %3D into their literal byte equivalents. RFC 6265 §5.4 does not specify any decoding and browsers do not decode either. Applications that parse a...

5.9CVSS0.00257EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 6:17 p.m.13 views

CVE-2026-11525

Impact: When undici parses a Set-Cookie header, it accepts any SameSite attribute value that contains Strict, Lax, or None as a substring, rather than the case-insensitive exact match specified by RFC 6265. Non-spec values are silently mapped to one of the three standard tokens. For example,...

3.7CVSS0.00248EPSS
Exploits0References2
OSV
OSV
added 2026/06/17 6:17 p.m.4 views

UBUNTU-CVE-2026-11525

Impact: When undici parses a Set-Cookie header, it accepts any SameSite attribute value that contains Strict, Lax, or None as a substring, rather than the case-insensitive exact match specified by RFC 6265. Non-spec values are silently mapped to one of the three standard tokens. For example,...

3.7CVSS5.9AI score0.00248EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/17 5:31 p.m.6 views

CVE-2026-11525

Impact: When undici parses a Set-Cookie header, it accepts any SameSite attribute value that contains Strict, Lax, or None as a substring, rather than the case-insensitive exact match specified by RFC 6265. Non-spec values are silently mapped to one of the three standard tokens. For example,...

3.7CVSS5.4AI score0.00248EPSS
Exploits0
CVE
CVE
added 2026/06/17 5:31 p.m.65 views

CVE-2026-11525

The issue affects undici’s cookie parsing in Set-Cookie headers. The root cause is a permissive substring match for the SameSite attribute during parsing, accepting any value containing Strict, Lax, or None instead of enforcing a case-insensitive exact match per RFC 6265. This can cause downstrea...

3.7CVSS5.4AI score0.00248EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/17 5:31 p.m.50 views

CVE-2026-11525 undici vulnerable to Set-Cookie SameSite attribute downgrade via permissive substring matching

Impact: When undici parses a Set-Cookie header, it accepts any SameSite attribute value that contains Strict, Lax, or None as a substring, rather than the case-insensitive exact match specified by RFC 6265. Non-spec values are silently mapped to one of the three standard tokens. For example,...

3.7CVSS0.00248EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/17 4:56 p.m.24 views

CVE-2026-9679 undici vulnerable to HTTP header injection via Set-Cookie percent-decoding

Impact: undici's cookie parser in parseSetCookie percent-decodes cookie values via qsUnescape, turning encoded sequences like %0D%0A, %00, %3B, and %3D into their literal byte equivalents. RFC 6265 §5.4 does not specify any decoding and browsers do not decode either. Applications that parse a...

5.9CVSS0.00257EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.14 views

PT-2026-50516

Name of the Vulnerable Software and Affected Versions undici versions 6.x prior to 6.26.0 undici versions 7.0.0 through 7.27.x undici versions 8.x prior to 8.5.0 Description The cookie parser in the parseSetCookie function percent-decodes cookie values using qsUnescape, which converts encoded...

5.9CVSS5.5AI score0.00257EPSS
Exploits0References86
Patchstack
Patchstack
added 2026/06/16 2:8 p.m.6 views

NPM: hono: AWS Lambda adapter merges multiple `Set-Cookie` headers into one value, dropping cookies on ALB single-header and Lattice

NPM: hono: AWS Lambda adapter merges multiple Set-Cookie headers into one value, dropping cookies on ALB single-header and Lattice vulnerability discovered by ? in WordPress Npm hono versions 4.12.25...

5.3CVSS5.8AI score0.00186EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/16 2:8 p.m.6 views

GHSA-J6C9-X7QJ-28XF hono: AWS Lambda adapter merges multiple `Set-Cookie` headers into one value, dropping cookies on ALB single-header and Lattice

Summary On AWS Lambda, the ALB single-header response and the VPC Lattice v2 response join multiple Set-Cookie headers into one comma-separated value. Because commas also appear inside cookie attributes for example Expires dates, clients cannot split the value back into individual cookies and...

5.3CVSS5.4AI score0.00186EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/16 2:8 p.m.7 views

Improper Encoding or Escaping of Output

Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in the AWS Lambda adapter's handling of multiple Set-Cookie headers. An attacker can cause clients to drop or misinterpret cookies by triggering...

6.9CVSS5.9AI score0.00186EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/16 2:8 p.m.14 views

hono: AWS Lambda adapter merges multiple `Set-Cookie` headers into one value, dropping cookies on ALB single-header and Lattice

Summary On AWS Lambda, the ALB single-header response and the VPC Lattice v2 response join multiple Set-Cookie headers into one comma-separated value. Because commas also appear inside cookie attributes for example Expires dates, clients cannot split the value back into individual cookies and...

5.3CVSS5.3AI score0.00186EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.14 views

PT-2026-49734

Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.12.25 Description On AWS Lambda, the ALB single-header response and the VPC Lattice v2 response join multiple Set-Cookie headers into a single comma-separated value. According to RFC 6265, each cookie must be its own...

5.3CVSS5.8AI score0.00186EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.10 views

CVE-2026-47675

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.21, the serialize function in hono/cookie validates domain and path options against characters that corrupt Set-Cookie header syntax ;, \r, \n, but does not apply the same validation to sameSite an...

5.3CVSS5.4AI score0.00216EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/04 5:59 p.m.14 views

Hono: Cookie helper does not sanitize sameSite and priority, allowing Set-Cookie injection

Summary The serialize function in hono/cookie validates domain and path options against characters that corrupt Set-Cookie header syntax ;, \r, \n, but does not apply the same validation to sameSite and priority. An application that passes user-controlled input into either option may produce a...

5.3CVSS5.8AI score0.00216EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/06/04 5:59 p.m.9 views

GHSA-3HRH-PFW6-9M5X Hono: Cookie helper does not sanitize sameSite and priority, allowing Set-Cookie injection

Summary The serialize function in hono/cookie validates domain and path options against characters that corrupt Set-Cookie header syntax ;, \r, \n, but does not apply the same validation to sameSite and priority. An application that passes user-controlled input into either option may produce a...

4.3CVSS5.8AI score0.00216EPSS
Exploits0References5
Rows per page
Query Builder