Lucene search
K

4 matches found

Snyk
Snyk
•added 2026/03/11 6:44 p.m.•6 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via unsanitized header or query parameter match values in the HTTPRoute resource. An attacker can bypass listener hostname constraints and...

7.6CVSS7.2AI score0.00277EPSS
Exploits0References2
Snyk
Snyk
•added 2026/03/11 6:44 p.m.•3 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via unsanitized header or query parameter match values in the HTTPRoute resource. An attacker can bypass listener hostname constraints and...

7.6CVSS5.8AI score0.00277EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 2026/03/11 3:54 p.m.•5 views

CVE-2026-29777

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.10, A tenant with write access to an HTTPRoute resource can inject backtick-delimited rule tokens into Traefik's router rule language via unsanitized header or query parameter match values. In shared gateway deployments, this can...

6.1CVSS5.8AI score0.00277EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
•added 2026/03/11 12:0 a.m.•9 views

PT-2026-24718

Name of the Vulnerable Software and Affected Versions Traefik versions prior to 3.6.10 Description Traefik is an HTTP reverse proxy and load balancer. A tenant with write access to an HTTPRoute resource can inject rule tokens into Traefik’s router rule language through unsanitized header or query...

9.9CVSS7.1AI score0.22162EPSS
Exploits69References137
Rows per page
Query Builder