2 matches found
PT-2026-38252
Name of the Vulnerable Software and Affected Versions Nitro versions prior to 2.13.4 Nitro versions prior to 3.0.260429-beta Description An issue exists where an attacker can transform a redirect route rule using wildcards into a cross-host redirect by inserting an extra slash after the rule...
PT-2026-38253
Name of the Vulnerable Software and Affected Versions Nitro versions prior to 2.13.4 Nitro versions prior to 3.0.260429-beta Description An attacker can bypass proxy route rules by sending percent-encoded path traversal sequences ..%2f in the URL. This occurs when Nitro treats these characters as...