9 matches found
CVE-2026-34835
Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Request parses the Host header using an AUTHORITY regular expression that accepts characters not permitted in RFC-compliant hostnames, including /, ?, , and @. Because req.hos...
PT-2026-29857
Rack versions 3.0.0.beta1 through 3.1.21, and 3.2.0 through 3.2.6 are affected by an issue where the Rack::Request component improperly parses the Host header, accepting characters not permitted in RFC-compliant hostnames such as /, ?, , and @. This can lead to host header poisoning in applicatio...
EUVD-2023-0986
Malicious code in bioql PyPI...
Server-side Request Forgery (SSRF)
lambdaisland:uri is vulnerable to Server-side Request Forgery (SSRF). The vulnerability is due to the authority-regex which allows an attacker to send malicious URLs to be parsed without properly handling the backslash \ character in the host, allowing an attacker to parse an untrusted source...
GHSA-CP4W-6X4W-V2H5 lambdaisland/uri `authority-regex` returns the wrong authority
Summary: authority-regex allows an attacker to send malicious URLs to be parsed by the lambdaisland/uri and return the wrong authority. This issue is similar to CVE-2020-8910. Details: https://github.com/lambdaisland/uri/blob/d3355fcd3e235238f4dcd37be97787a84e580072/src/lambdaisland/uri.cljcL9 This...
DEBIAN-CVE-2023-28628
lambdaisland/uri is a pure Clojure/ClojureScript URI library. In versions prior to 1.14.120 authority-regex allows an attacker to send malicious URLs to be parsed by the lambdaisland/uri and return the wrong authority. This issue is similar to but distinct from CVE-2020-8910. The regex in questio...
CVE-2023-28628
lambdaisland/uri is a pure Clojure/ClojureScript URI library. In versions prior to 1.14.120 authority-regex allows an attacker to send malicious URLs to be parsed by the lambdaisland/uri and return the wrong authority. This issue is similar to but distinct from CVE-2020-8910. The regex in questio...
CVE-2023-28628 `authority-regex` returns the wrong authority in lambdaisland/uri
lambdaisland/uri is a pure Clojure/ClojureScript URI library. In versions prior to 1.14.120 authority-regex allows an attacker to send malicious URLs to be parsed by the lambdaisland/uri and return the wrong authority. This issue is similar to but distinct from CVE-2020-8910. The regex in questio...
CVE-2023-28628 `authority-regex` returns the wrong authority in lambdaisland/uri
lambdaisland/uri is a pure Clojure/ClojureScript URI library. In versions prior to 1.14.120 authority-regex allows an attacker to send malicious URLs to be parsed by the lambdaisland/uri and return the wrong authority. This issue is similar to but distinct from CVE-2020-8910. The regex in questio...