5 matches found
DEBIAN-CVE-2023-51713
makeftpcmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semantics...
UBUNTU-CVE-2023-51713
makeftpcmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semantics...
Open Redirect in tjenkinson/url-toolkit
✍️ Description url-toolkit mishandles certain uses of backslash such as https:/\ and interprets the URI as a relative path. Browsers accept backslashes after the protocol, and treat it as a normal slash, while url-toolkit sees it as a relative path. Which will lead to SSRF attacks, open redirects,...
CVE-2021-27515
url-parse before 1.5.0 mishandles certain uses of backslash such as http:/ and interprets the URI as a relative path...
CVE-2021-27515
CVE-2021-27515 affects the url-parse library (before 1.5.0), where backslash sequences in the protocol (e.g., http:/ or http:) can cause the parser to treat the URI as a relative path. Public advisories (Debian/Ubuntu) list this alongside other url-parse issues and indicate fixes via package upgr...