CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

22 matches found

RedhatCVE•added 2025/05/23 12:32 a.m.•4 views

CVE-2022-30288

Agoo before 2.14.3 does not reject GraphQL fragment spreads that form cycles, leading to an application crash. NOTE: the vendor has disputed this on the grounds that it is not the server's responsibility to "enforce all the various ways a developer could write code with logic errors...

7.5CVSS7AI score0.00367EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 3:12 p.m.•4 views

CVE-2020-7670

agoo prior to 2.14.0 allows request smuggling attacks where agoo is used as a backend and a frontend proxy also being vulnerable. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer encoding header parsing. It is possible to conduct...

7.5CVSS6.7AI score0.00289EPSS

Exploits0References1

ATTACKERKB•added 2022/05/04 11:15 p.m.•0 views

CVE-2022-30288

7.5CVSS7.2AI score0.00367EPSS

Exploits1References4

NVD•added 2022/05/04 11:15 p.m.•4 views

CVE-2022-30288

7.5CVSS0.00367EPSS

Exploits1References3

OSV•added 2022/05/04 11:15 p.m.•5 views

CVE-2022-30288

7.5CVSS6.9AI score

Exploits0References3

Prion•added 2022/05/04 11:15 p.m.•8 views

Design/Logic Flaw

DISPUTED Agoo before 2.14.3 does not reject GraphQL fragment spreads that form cycles, leading to an application crash. NOTE: the vendor has disputed this on the grounds that it is not the server's responsibility to "enforce all the various ways a developer could write code with logic errors."...

5CVSS7.6AI score0.00367EPSS

Exploits1References3Affected Software1

Vulnrichment•added 2022/05/04 10:31 p.m.•11 views

CVE-2022-30288

7.3AI score0.00367EPSS

Exploits1References3

CVE•added 2022/05/04 10:31 p.m.•503 views

CVE-2022-30288

CVE-2022-30288 affects Agoo (Ruby HTTP server). The vulnerability arises in versions before 2.14.3 where GraphQL fragment spreads that form cycles are not rejected, potentially causing an application crash. Multiple validated sources (NVD, Red Hat, OSV, CVE lists, PT Security, CNNVD) confirm the ...

7.5CVSS7.5AI score0.00367EPSS

Exploits1References3Affected Software1

Cvelist•added 2022/05/04 10:31 p.m.•9 views

CVE-2022-30288

7.8AI score0.00367EPSS

Exploits1References3

CNNVD•added 2022/05/04 12:0 a.m.•1 views

Agoo 安全漏洞

Agoo is a Ruby-based HTTP server from the individual developer Peter Ohler. A security vulnerability exists in Agoo version 2.14.2 and earlier versions, which can be exploited by an attacker to cause an application to crash...

7.5CVSS7.3AI score0.00367EPSS

Exploits1References4

Positive Technologies•added 2022/05/04 12:0 a.m.•2 views

PT-2022-20047 · Agoo · Agoo

Name of the Vulnerable Software and Affected Versions: Agoo versions prior to 2.14.3 Description: The issue arises when Agoo does not reject GraphQL fragment spreads that form cycles, which can lead to an application crash. It has been disputed by the vendor, who claims it is not the server's...

7.5CVSS7.4AI score0.00367EPSS

Exploits1References10

OSV•added 2020/10/20 7:15 p.m.•2 views

GHSA-H385-52J6-9984 Withdrawn: HTTP Request Smuggling in Agoo

Withdrawn reason Withdrawn on 1/13/2021 due to this comment from the maintainer. This is no longer considered a vulnerability. Original description agoo through 2.12.3 allows request smuggling attacks where agoo is used as a backend and a frontend proxy also being vulnerable. It is possible to...

7.5CVSS7.6AI score0.00289EPSS

Exploits0References4

Github Security Blog•added 2020/10/20 7:15 p.m.•43 views

Withdrawn: HTTP Request Smuggling in Agoo

7.5CVSS0.2AI score0.00289EPSS

Exploits0References5Affected Software1

RubySec•added 2020/10/20 12:0 a.m.•17 views

HTTP Request Smuggling in Agoo

agoo through 2.12.3 allows request smuggling attacks where agoo is used as a backend and a frontend proxy also being vulnerable. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were found to be...

7.5CVSS1.9AI score0.00289EPSS

Exploits0References1Affected Software1

Veracode•added 2020/06/11 6:8 a.m.•10 views

HTTP Request Smuggling

agoo is vulnerable to HTTP request smuggling. When used as a backend and frontend proxy, an attacker is able to leverage TE:CL smuggling attacks by sending a content-length header twice or an invalid Transfer Encoding headers...

7.5CVSS1.2AI score0.00289EPSS

Exploits0References2Affected Software1

CNVD•added 2020/06/11 12:0 a.m.•24 views

agoo environmental issues loophole

agoo is a Ruby-based HTTP server by Peter Ohler Software Developers. An environmental issue vulnerability exists in agoo 2.12.3 and earlier versions. An attacker can exploit this vulnerability by sending the Content-Length header twice to conduct an HTTP request smuggling attack...

7.5CVSS6.6AI score0.00289EPSS

Exploits0References1

OSV•added 2020/06/10 4:15 p.m.•10 views

CVE-2020-7670

7.5CVSS6.7AI score

Exploits0References3

NVD•added 2020/06/10 4:15 p.m.•24 views

CVE-2020-7670

7.5CVSS0.00289EPSS

Exploits0References3

Prion•added 2020/06/10 4:15 p.m.•8 views

Design/Logic Flaw

5CVSS7.5AI score0.00289EPSS

Exploits0References3Affected Software1

CVE•added 2020/06/10 3:36 p.m.•42 views

CVE-2020-7670

Agoo prior to 2.14.0 is affected. The issue arises from incorrect parsing of Content-Length and Transfer-Encoding headers, enabling HTTP request smuggling when Agoo is used as a backend and a frontend proxy in a chain of backends. Impact is described as possible request smuggling due to TE/CL han...

7.5CVSS7.5AI score0.00289EPSS

Exploits0References3Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by