Lucene search
K

8 matches found

Github Security Blog
Github Security Blog
added 2026/06/11 1:4 p.m.21 views

guzzlehttp/psr7 has Host Confusion via Authority Reinterpretation

Impact guzzlehttp/psr7 improperly interpreted malformed Host header values when constructing request URIs from inbound request data. This issue concerns inbound request parsing and server request construction. It does not require serializing a PSR-7 request, and it is not part of the normal...

5.3CVSS5.5AI score0.00198EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2026/05/08 7:13 p.m.9 views

NPM: fast-uri vulnerable to host confusion via percent-encoded authority delimiters

NPM: fast-uri vulnerable to host confusion via percent-encoded authority delimiters vulnerability discovered by ? in WordPress Npm fast-uri versions = 3.1.1...

7.5CVSS5.8AI score0.00475EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/05/08 7:13 p.m.7 views

GHSA-V39H-62P7-JPJC fast-uri vulnerable to host confusion via percent-encoded authority delimiters

Impact fast-uri v3.1.1 and earlier decodes percent-encoded authority delimiters %40 as @, %3A as : inside the host component and serializes them back as raw characters. This changes the URI structure, turning a hostname into userinfo plus a different host. For example,...

7.5CVSS5.8AI score0.00475EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/05/05 11:16 a.m.9 views

CVE-2026-6322

fast-uri normalize decoded percent-encoded authority delimiters inside the host component and then re-emitted them as raw delimiters during serialization. A host that combined an allowed domain, an encoded at-sign, and a different domain was re-emitted with the at-sign as a raw userinfo separator...

7.5CVSS5.8AI score0.00475EPSS
Exploits0References3
OSV
OSV
added 2026/05/05 11:16 a.m.9 views

UBUNTU-CVE-2026-6322

fast-uri normalize decoded percent-encoded authority delimiters inside the host component and then re-emitted them as raw delimiters during serialization. A host that combined an allowed domain, an encoded at-sign, and a different domain was re-emitted with the at-sign as a raw userinfo separator...

7.5CVSS5.8AI score0.00475EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/05 10:29 a.m.9 views

CVE-2026-6322

fast-uri normalize decoded percent-encoded authority delimiters inside the host component and then re-emitted them as raw delimiters during serialization. A host that combined an allowed domain, an encoded at-sign, and a different domain was re-emitted with the at-sign as a raw userinfo separator...

7.5CVSS5.8AI score0.00475EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/05/05 10:29 a.m.6 views

CVE-2026-6322

fast-uri normalize decoded percent-encoded authority delimiters inside the host component and then re-emitted them as raw delimiters during serialization. A host that combined an allowed domain, an encoded at-sign, and a different domain was re-emitted with the at-sign as a raw userinfo separator...

7.5CVSS5.8AI score0.00475EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.15 views

PT-2026-36996

Name of the Vulnerable Software and Affected Versions fast-uri versions prior to 3.1.2 Description The normalize function decoded percent-encoded authority delimiters within the host component and re-emitted them as raw delimiters during serialization. This allows a host combining an allowed...

7.5CVSS5.8AI score0.00475EPSS
Exploits0References245
Rows per page
Query Builder