Lucene search
K

14 matches found

RedHat Linux
RedHat Linux
added 2026/04/27 1:54 p.m.15 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.9AI score0.00728EPSS
Exploits0References8
RubySec
RubySec
added 2026/04/02 12:0 a.m.11 views

Rack::Request accepts invalid Host characters, enabling host allowlist bypass

Summary Rack::Request parses the Host header using an AUTHORITY regular expression that accepts characters not permitted in RFC-compliant hostnames, including /, ?, , and @. Because req.host returns the full parsed value, applications that validate hosts using naive prefix or suffix checks can be...

6.5CVSS5.8AI score0.00192EPSS
Exploits2References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/08/21 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2024-6763

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing. The HttpU...

5.3CVSS6.1AI score0.00986EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2025/08/01 5:42 p.m.4 views

org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of invalid authority

A flaw was found in Jetty. The HttpURI class performs insufficient validation on the authority segment of a URI. The HttpURI and the browser may differ on the value of the host extracted from an invalid URI. This combination of Jetty and a vulnerable browser may be vulnerable to an open redirect...

5.3CVSS5.7AI score0.00986EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2025/05/23 3:37 a.m.9 views

CVE-2023-28628

lambdaisland/uri is a pure Clojure/ClojureScript URI library. In versions prior to 1.14.120 authority-regex allows an attacker to send malicious URLs to be parsed by the lambdaisland/uri and return the wrong authority. This issue is similar to but distinct from CVE-2020-8910. The regex in questio...

6.5CVSS6.5AI score0.00553EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/07/07 9:15 p.m.2 views

CVE-2022-2047

In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario...

4CVSS6.8AI score0.01173EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/07/07 9:15 p.m.4 views

UBUNTU-CVE-2022-2047

In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario...

2.7CVSS6.8AI score0.01173EPSS
Exploits0References4
OSV
OSV
added 2022/07/07 8:55 p.m.5 views

GHSA-CJ7V-27PG-WF7Q Jetty invalid URI parsing may produce invalid HttpURI.authority

Description URI use within Jetty's HttpURI class can parse invalid URIs such as http://localhost;/path as having an authority with a host of localhost;. A URIs of the type http://localhost;/path should be interpreted to be either invalid or as localhost; to be the userinfo and no host. However,...

2.7CVSS7.1AI score0.01173EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2021/11/09 6:32 p.m.4 views

python-urllib3: ReDoS in the parsing of authority part of URL

A flaw was found in python-urllib3. When provided with a URL containing many @ characters in the authority component, the authority's regular expression exhibits catastrophic backtracking. This flaw causes a denial of service if a URL is passed as a parameter or redirected via an HTTP redirect. T...

7.5CVSS7.3AI score0.03273EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/11/09 5:54 p.m.4 views

python-urllib3: ReDoS in the parsing of authority part of URL

A flaw was found in python-urllib3. When provided with a URL containing many @ characters in the authority component, the authority's regular expression exhibits catastrophic backtracking. This flaw causes a denial of service if a URL is passed as a parameter or redirected via an HTTP redirect. T...

7.5CVSS7.3AI score0.03273EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/09/08 7:26 p.m.7 views

python-urllib3: ReDoS in the parsing of authority part of URL

A flaw was found in python-urllib3. When provided with a URL containing many @ characters in the authority component, the authority's regular expression exhibits catastrophic backtracking. This flaw causes a denial of service if a URL is passed as a parameter or redirected via an HTTP redirect. T...

7.5CVSS7.3AI score0.03273EPSS
Exploits0References5
OSV
OSV
added 2021/06/28 4:58 p.m.6 views

SUSE-RU-2021:2194-1 Recommended update for the Azure and AWS SDKs

This update for the SLE Public Cloud module provides the following fixes: Azure SDK update: This update for the Azure SDK and CLI adds support for the AHB Azure Hybrid Benefit. bsc1176784, jscECO-3105 AWS SDK update: This update for the AWS SDK updates python-boto3 to version 1.17.9 and aws-cli t...

7.5CVSS7.1AI score0.03273EPSS
Exploits0References9
OSV
OSV
added 2018/07/31 9:29 p.m.2 views

DEBIAN-CVE-2016-8624

curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL parser that follows the RFC t...

7.5CVSS9.2AI score0.05915EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2018/07/31 9:0 p.m.4 views

CVE-2016-8624

curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL parser that follows the RFC t...

5.3CVSS7.2AI score0.05915EPSS
Exploits0References12
Rows per page
Query Builder