3 matches found
@100x/application (>=0.0.1 <=0.0.6), @aero-js/cli (=0.4.0) +42 more potentially affected by CVE-2026-44372 via nitro (>=0.0.0 <=3.0.260415-beta)
nitro NPM version =0.0.0, =0.0.1, =0.3.3, =0.3.3, =0.3.3, =0.3.3, =0.3.3, =0.1.0, =0.1.0, =0.4.2, =2.4.0-alpha.2, =2.4.0-alpha.2, =3.0.0-alpha.55 and more Source cves: CVE-2026-44372 Source advisory: OSV:GHSA-9PHM-9P8F-HW5M...
PT-2026-38253
Name of the Vulnerable Software and Affected Versions Nitro versions prior to 2.13.4 Nitro versions prior to 3.0.260429-beta Description An attacker can bypass proxy route rules by sending percent-encoded path traversal sequences ..%2f in the URL. This occurs when Nitro treats these characters as...
PT-2026-38252
Name of the Vulnerable Software and Affected Versions Nitro versions prior to 2.13.4 Nitro versions prior to 3.0.260429-beta Description An issue exists where an attacker can transform a redirect route rule using wildcards into a cross-host redirect by inserting an extra slash after the rule...