Lucene search
K

29 matches found

Github Security Blog
Github Security Blog
added 2026/06/08 11:55 p.m.42 views

Puma PROXY Protocol v1 Parser Allows Remote Memory Exhaustion

Impact PROXY protocol support for Puma was added in version 5.5.0. When PROXY protocol v1 support is enabled, Puma reads incoming bytes into an internal buffer. It waits for "\r\n" to determine whether a PROXY v1 line is present. If an attacker opens a TCP connection and continuously sends bytes...

5.8AI score0.0007EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/25 7:32 p.m.3 views

GHSA-444R-CWP2-X5XF fastify: request.protocol and request.host Spoofable via X-Forwarded-Proto/Host from Untrusted Connections

Summary When trustProxy is configured with a restrictive trust function e.g., a specific IP like trustProxy: '10.0.0.1', a subnet, a hop count, or a custom function, the request.protocol and request.host getters read X-Forwarded-Proto and X-Forwarded-Host headers from any connection — including...

6.1CVSS5.8AI score0.0012EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/03/25 7:32 p.m.5 views

fastify: request.protocol and request.host Spoofable via X-Forwarded-Proto/Host from Untrusted Connections

Summary When trustProxy is configured with a restrictive trust function e.g., a specific IP like trustProxy: '10.0.0.1', a subnet, a hop count, or a custom function, the request.protocol and request.host getters read X-Forwarded-Proto and X-Forwarded-Host headers from any connection — including...

6.1CVSS5.8AI score0.0012EPSS
Exploits0References6Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/23 5:10 p.m.4 views

CVE-2026-3635

A flaw was found in fastify. When the trustProxy option is configured with a restrictive trust function, such as a specific IP, a subnet, a hop count or a custom function, the request.protocol and request.host getters read X-Forwarded-Proto and X-Forwarded-Host headers from any connection,...

6.1CVSS5.6AI score0.0012EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/23 1:53 p.m.1 views

CVE-2026-3635 Fastify request.protocol and request.host spoofable via X-Forwarded-Proto/Host from untrusted connections when trustProxy uses restrictive trust function

Summary When trustProxy is configured with a restrictive trust function e.g., a specific IP like trustProxy: '10.0.0.1', a subnet, a hop count, or a custom function, the request.protocol and request.host getters read X-Forwarded-Proto and X-Forwarded-Host headers from any connection — including...

6.1CVSS5.8AI score0.0012EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/23 1:53 p.m.3 views

CVE-2026-3635

Summary When trustProxy is configured with a restrictive trust function e.g., a specific IP like trustProxy: '10.0.0.1', a subnet, a hop count, or a custom function, the request.protocol and request.host getters read X-Forwarded-Proto and X-Forwarded-Host headers from any connection — including...

6.1CVSS5.8AI score0.0012EPSS
Exploits0References4
CVE
CVE
added 2026/03/23 1:53 p.m.52 views

CVE-2026-3635

CVE-2026-3635 : In Fastify (affected: fastify

6.1CVSS5.8AI score0.0012EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/03/23 1:53 p.m.22 views

CVE-2026-3635 Fastify request.protocol and request.host spoofable via X-Forwarded-Proto/Host from untrusted connections when trustProxy uses restrictive trust function

Summary When trustProxy is configured with a restrictive trust function e.g., a specific IP like trustProxy: '10.0.0.1', a subnet, a hop count, or a custom function, the request.protocol and request.host getters read X-Forwarded-Proto and X-Forwarded-Host headers from any connection — including...

6.1CVSS0.0012EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.9 views

PT-2026-27132

Name of the Vulnerable Software and Affected Versions fastify versions through 5.8.2 Description When the trustProxy setting is configured with a restrictive trust function—such as a specific IP address, a subnet, a hop count, or a custom function—the request.protocol and request.host getters...

6.1CVSS5.8AI score0.0012EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-1578

Malicious code in bioql PyPI...

8.2CVSS7.6AI score0.00856EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-17108

Malicious code in bioql PyPI...

9.8CVSS7.4AI score0.005EPSS
Exploits0References7
OSV
OSV
added 2025/03/12 7:18 a.m.12 views

BIT-MONGODB-2024-1351 MongoDB Server may allow successful untrusted connection

Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation which may result in untrusted connections to succeed. This may effectively reduce the security guarantees provided by TLS and open connections that should have been closed due to failin...

9.8CVSS9.1AI score0.005EPSS
Exploits0References7
OpenVAS
OpenVAS
added 2024/03/08 12:0 a.m.112 views

MongoDB Certificate Validation Vulnerability (SERVER-72839) - Windows

MongoDB is prone to a certificate validation vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mongodb:mongodb"; if...

9.8CVSS7AI score0.005EPSS
Exploits0References5
Prion
Prion
added 2024/03/07 5:15 p.m.22 views

Input validation

Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation which may result in untrusted connections to succeed. This may effectively reduce the security guarantees provided by TLS and open connections that should have been closed due to failin...

5.8CVSS7.3AI score0.005EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2024/03/07 5:15 p.m.40 views

CVE-2024-1351

Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation which may result in untrusted connections to succeed. This may effectively reduce the security guarantees provided by TLS and open connections that should have been closed due to failin...

9.8CVSS6.8AI score0.005EPSS
Exploits0References6
Cvelist
Cvelist
added 2024/03/07 4:10 p.m.33 views

CVE-2024-1351 MongoDB Server may allow successful untrusted connection

Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation which may result in untrusted connections to succeed. This may effectively reduce the security guarantees provided by TLS and open connections that should have been closed due to failin...

8.8CVSS8.9AI score0.005EPSS
Exploits0References6
OSV
OSV
added 2024/03/07 4:10 p.m.6 views

CVE-2024-1351 MongoDB Server may allow successful untrusted connection

Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation which may result in untrusted connections to succeed. This may effectively reduce the security guarantees provided by TLS and open connections that should have been closed due to failin...

8.8CVSS7.1AI score0.005EPSS
Exploits0References8
MongoDB
MongoDB
added 2024/02/29 9:31 a.m.36 views

MongoDB Server may allow successful untrusted connection

Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation which may result in untrusted connections to succeed. This may effectively reduce the security guarantees provided by TLS and open connections that should have been closed due to failin...

9.8CVSS7.2AI score0.005EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2023/05/11 8:40 p.m.21 views

GHSA-QVQG-6RP8-4P9H github.com/ipfs/kubo affected by DOS Bitswap unbounded persistent memory leak

Impact An attacker is able allocate arbitrarily many bytes in the Bitswap server by sending many WANTBLOCK and or WANTHAVE requests which are queued in an unbounded queue, with allocations that persist even if the connection is closed. This affects users accepting or connecting untrusted...

5.3CVSS7.6AI score0.00856EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2023/05/11 8:40 p.m.39 views

github.com/ipfs/kubo affected by DOS Bitswap unbounded persistent memory leak

Impact An attacker is able allocate arbitrarily many bytes in the Bitswap server by sending many WANTBLOCK and or WANTHAVE requests which are queued in an unbounded queue, with allocations that persist even if the connection is closed. This affects users accepting or connecting untrusted...

8.2CVSS6.2AI score0.00856EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder