
515 matches found

Vulnrichment
added 2024/06/06 6:8 p.m. · 16 views

CVE-2024-3099 Denial of Service and Data Model Poisoning via URL Encoding in mlflow/mlflow

A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the same name by exploiting URL encoding. This flaw can lead to Denial of Service (DoS) as an authenticated user might not be able to use the intended model, as it will open a different model each time...

CVSS 5.4 · AI score 6.4 · EPSS 0.00063
Exploits: 1 · References: 1

CVE
added 2024/06/06 6:8 p.m. · 52 views

CVE-2024-3099

CVE-2024-3099 affects mlflow/mlflow 2.11.1 and is caused by inadequate validation of model names, allowing URL-encoded names to be treated as distinct from their decoded counterparts. This enables an attacker to create multiple models with the same name, leading to DoS (an authenticated user may ...

CVSS 5.4 · AI score 5.1 · EPSS 0.00063
Exploits: 1 · References: 1 · Affected Software: 1

Positive Technologies
added 2024/06/06 12:0 a.m. · 1 views

PT-2024-23711 · Mlflow · Mlflow

Name of the Vulnerable Software and Affected Versions: mlflow/mlflow version 2.11.1
Description: A vulnerability in mlflow/mlflow allows attackers to create multiple models with the same name by exploiting URL encoding. This flaw can lead to Denial of Service (DoS) as an authenticated user might no...

CVSS 5.4 · AI score 5.4 · EPSS 0.00063
Exploits: 1 · References: 6

CVE
added 2024/05/30 12:33 p.m. · 63 views

CVE-2024-3584

CVE-2024-3584 affects qdrant/qdrant (version 1.9.0-dev) and is caused by improper input validation in the /collections/{name}/snapshots/upload endpoint, enabling path traversal via URL-encoded name to write/overwrite arbitrary files (e.g., /root/poc.txt). The vulnerability can lead to full system...

CVSS 9.8 · AI score 9.3 · EPSS 0.00388
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2024/05/30 12:33 p.m. · 21 views

CVE-2024-3584 Path Traversal in qdrant/qdrant

qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to improper input validation in the /collections/{name}/snapshots/upload endpoint. By manipulating the name parameter through URL encoding, an attacker can upload a file to an arbitrary location on the system, such as /root/poc.txt...

CVSS 9.8 · AI score 9.3 · EPSS 0.00388
Exploits: 1 · References: 2

Veracode
added 2024/05/29 8:48 a.m. · 9 views

URL Injection

silverstripe/framework is vulnerable to URL Injection. The vulnerability is due to improper handling of URL encoding, which allows for the generation or interpretation of URLs with incorrect encoding, potentially leading to unexpected behavior or security vulnerabilities when processing these URL...

AI score 7.3
Exploits: 0

Positive Technologies
added 2024/05/23 12:0 a.m. · 2 views

PT-2024-40096 · Microsoft · Internet Explorer

Name of the Vulnerable Software and Affected Versions: Silverstripe versions prior to a fixed version (affected versions not specified)
Description: The issue affects Internet Explorer browsers, where requests do not encode all entities in the URL string. As a result, when rewriting hashlinks,...

CVSS 6.1 · AI score 7
Exploits: 0 · References: 6

NVD
added 2024/05/14 4:17 p.m. · 10 views

CVE-2024-34712

Oceanic is a NodeJS library for interfacing with Discord. Prior to version 1.10.4, input to functions such as Client.rest.channels.removeBan is not url-encoded, resulting in specially crafted input such as ../../../channels/id being normalized into the url /api/v10/channels/id, and deleting a...

CVSS 6.5 · AI score 6.4 · EPSS 0.00233
Exploits: 0 · References: 2

CVE
added 2024/05/14 2:32 p.m. · 69 views

CVE-2024-34712

Oceanic (NodeJS) vulnerability CVE-2024-34712 affects versions prior to 1.10.4. Input to functions like Client.rest.channels.removeBan is not URL-encoded, allowing crafted input such as ../../../channels/{id} to be normalized into /api/v10/channels/{id}, potentially causing unintended channel act...

CVSS 6.5 · AI score 6.6 · EPSS 0.00233
Exploits: 0 · References: 2

Cvelist
added 2024/05/14 2:32 p.m. · 17 views

CVE-2024-34712 Oceanic allows unsanitized user input to lead to path traversal in URLs

Oceanic is a NodeJS library for interfacing with Discord. Prior to version 1.10.4, input to functions such as Client.rest.channels.removeBan is not url-encoded, resulting in specially crafted input such as ../../../channels/id being normalized into the url /api/v10/channels/id, and deleting a...

CVSS 6.5 · AI score 6.6 · EPSS 0.00233
Exploits: 0 · References: 2

OSV
added 2024/04/24 8:56 p.m. · 14 views

GHSA-R7H7-CHH4-5RVM Improper Access Control in Gitea

Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a git protocol path that specifies a TCP port number and also contains newlines with URL encoding in ParseRemoteAddr in modules/auth/repoform.go...

CVSS 9.8 · AI score 9.4 · EPSS 0.00418
Exploits: 0 · References: 4

Github Security Blog
added 2024/04/24 8:56 p.m. · 15 views

Improper Access Control in Gitea

Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a git protocol path that specifies a TCP port number and also contains newlines with URL encoding in ParseRemoteAddr in modules/auth/repoform.go...

CVSS 9.8 · AI score 7.1 · EPSS 0.00418
Exploits: 0 · References: 4 · Affected Software: 1

Veracode
added 2024/03/08 9:22 a.m. · 15 views

OS Command Injection

paddlepaddle is vulnerable to OS Command Injection. The vulnerability is due to insufficient URL encoding in the scraping command implemented, allowing potential attackers to execute arbitrary commands on the host system, resulting in Command Injection...

CVSS 8.8 · AI score 7.9 · EPSS 0.0009
Exploits: 1 · References: 4 · Affected Software: 1

RedHat Linux
added 2024/03/06 3:38 p.m. · 1 views

undertow: url-encoded request path information can be broken on ajp-listener

A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises because the same buffer is used to decode the paths for multiple requests simultaneously, leading to incorrect path information being processe...

CVSS 7.5 · AI score 7.3 · EPSS 0.02024
Exploits: 0 · References: 5

OSV
added 2024/03/06 10:56 a.m. · 27 views

BIT-DJANGO-2020-13596

An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack...

CVSS 6.1 · AI score 6 · EPSS 0.00571
Exploits: 0 · References: 10

Veracode
added 2024/03/04 10:2 a.m. · 20 views

Insecure Deserialization

Dataease is vulnerable to Insecure Deserialization. The vulnerability is due to not considering URL encoding while blacklisting certain user-controllable JDBC parameters in the JDBC connection URL while calling methods getExtraParams and URLDecoder.decodegetExtraParams within Mysql.java. An attacker...

CVSS 9.1 · AI score 9.4 · EPSS 0.00598
Exploits: 1 · References: 3 · Affected Software: 1

OSV
added 2024/01/30 4:15 p.m. · 1 views

UBUNTU-CVE-2024-1019

ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in request URLs before it separates the URL path component from the optional query string...

CVSS 8.6 · AI score 5.7 · EPSS 0.00306
Exploits: 0 · References: 3

OSV
added 2023/12/04 8:26 p.m. · 20 views

CVE-2023-47106 Incorrect processing of fragment in the URL leads to Authorization Bypass in Traefik

Traefik is an open source HTTP reverse proxy and load balancer. When a request is sent to Traefik with a URL fragment, Traefik automatically URL encodes and forwards the fragment to the backend server. This violates RFC 7230 because in the origin-form the URL should only contain the absolute path...

CVSS 4.8 · AI score 6.6 · EPSS 0.00128
Exploits: 1 · References: 6

Tenable Nessus
added 2023/09/07 12:0 a.m. · 32 views

Oracle Linux 6 / 7 : python27 (ELSA-2015-1064)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-1064 advisory. - Add httplib fix for CVE-2013-1752 Resolves: rhbz1187779 - Fixed CVE-2013-1752, CVE-2013-1753 Resolves: rhbz1187779 Tenable has extracted the...

CVSS 9.8 · AI score 7.4 · EPSS 0.33997
Exploits: 15 · References: 6

Tenable Nessus
added 2023/09/07 12:0 a.m. · 25 views

Oracle Linux 7 : libreoffice (ELSA-2020-1151)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1151 advisory. - Resolves: rhbz1743962 CVE-2019-9848 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...

CVSS 9.8 · AI score 7.6 · EPSS 0.85077
Exploits: 6 · References: 8