CVE-2026-6322

fast-uri normalize decoded percent-encoded authority delimiters inside the host component and then re-emitted them as raw delimiters during serialization. A host that combined an allowed domain, an encoded at-sign, and a different domain was re-emitted with the at-sign as a raw userinfo separator...

OpenSSL Security Advisory 20250930

OpenSSL Security Advisory 20250930 - An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the "noproxy" environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address...

Eclipse Jetty 安全漏洞

Eclipse Jetty is an open source, Java-based web server and Java Servlet container from the Eclipse Foundation. A security vulnerability exists in Eclipse Jetty versions 7.0.0 through 12.0.11, which stems from insufficient validation of the authority portion of the URI by the HttpURI class, which...

CVE-2016-8624

curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL parser that follows the RFC t...