Important: runc

Issue Overview: Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid. CVE-2022-1705 Uncontrolled...

Node.js 14.x < 14.20.0 / 16.x < 16.16.0 / 18.x < 18.5.0 Multiple Vulnerabilities (July 7th 2022 Security Releases).

The version of Node.js installed on the remote host is prior to 14.20.0, 16.16.0, 18.5.0. It is, therefore, affected by multiple vulnerabilities as referenced in the July 7th 2022 Security Releases advisory. - The llhttp parser in the http module does not correctly parse and validate...

The vulnerability of the WSGI server for Python Waitress, related to HTTP request processing flaws, allows attackers to access confidential data and compromise its integrity.

The vulnerability of the WSGI server for Python Waitress relates to the improper handling of special header characters in the Transfer-Encoding header. Exploiting this vulnerability allows an attacker to remotely access confidential data and compromise its integrity through a specially crafted...

nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding

A vulnerability was found in NodeJS due to improper validation of HTTP requests. The llhttp parser in the http module does not correctly parse and validate Transfer-Encoding headers. This issue can lead to HTTP Request Smuggling HRS, causing web cache poisoning, and conducting XSS attacks...

CVE-2022-39956

The OWASP ModSecurity Core Rule Set CRS is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and...

Design/Logic Flaw

The OWASP ModSecurity Core Rule Set CRS is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and...

CVE-2022-39956

The OWASP ModSecurity Core Rule Set CRS is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and...

CVE-2022-39956 Partial rule set bypass in OWASP ModSecurity Core Rule Set for HTTP multipart requests using character encoding in the Content-Type or Content-Transfer-Encoding header

The OWASP ModSecurity Core Rule Set CRS is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and...

CVE-2022-39956

CVE-2022-39956 affects the OWASP ModSecurity Core Rule Set (CRS) and enables a partial rule set bypass for HTTP multipart requests when a payload uses certain character encoding schemes in Content-Type or Content-Transfer-Encoding headers. The issue impacts legacy CRS versions 3.0.x and 3.1.x, an...

CVE-2022-39956 Partial rule set bypass in OWASP ModSecurity Core Rule Set for HTTP multipart requests using character encoding in the Content-Type or Content-Transfer-Encoding header

The OWASP ModSecurity Core Rule Set CRS is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and...

OWASP ModSecurity Core Rule Set 安全漏洞

The OWASP ModSecurity Core Rule Set CRS is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. A security vulnerability exists in OWASP ModSecurity Core Rule Set CRS that stems from Content-Type or Content-Transfer-Encoding MIME header field...

CVE-2022-39956

The OWASP ModSecurity Core Rule Set CRS is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and...

September 23rd 2022 Security Releases

September 23rd 2022 Security Releases Update 26-September-2022 Security releases available Recommendation update regarding CVE-2022-35255: Roll-out and re-issue all keys generated with WebCrypto.subtle.generateKey. Re-evaluate the confidentiality of data encrypted with those keys. Update...

The vulnerability of the WSGI server for Python Waitress allows attackers to compromise data integrity.

The vulnerability of the WSGI server for Python Waitress is related to an incorrect analysis of the Transfer-Encoding header. Exploiting this vulnerability allows a remote attacker to compromise data integrity...

nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding

A vulnerability was found in NodeJS due to the llhttp parser in the HTTP module incorrectly handling multi-line Transfer-Encoding headers. This issue can lead to HTTP Request Smuggling HRS. This flaw allows a remote attacker to send a specially crafted HTTP request to the server and smuggle...

nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding

A vulnerability was found in NodeJS due to improper validation of HTTP requests. The llhttp parser in the http module does not correctly parse and validate Transfer-Encoding headers. This issue can lead to HTTP Request Smuggling HRS, causing web cache poisoning, and conducting XSS attacks...

nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding

A vulnerability was found in NodeJS due to improper validation of HTTP requests. The llhttp parser in the http module does not correctly parse and validate Transfer-Encoding headers. This issue can lead to HTTP Request Smuggling HRS, causing web cache poisoning, and conducting XSS attacks...

Moderate: Red Hat Security Advisory: nodejs:14 security and bug fix update

An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

nodejs:16 security and bug fix update

An update is available for nodejs-nodemon, nodejs, nodejs-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Node.js is a software development platform f...

ALSA-2022:6448 Moderate: nodejs:14 security and bug fix update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: DNS rebinding in --inspect via invalid IP addresses CVE-2022-32212 nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encodi...