8 matches found
GHSA-HM5P-X4RQ-38W4 httparty Has Potential SSRF Vulnerability That Leads to API Key Leakage
Summary There may be an SSRF vulnerability in httparty. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. Details When httparty receives a path argument that is an absolute URL, it ignores the baseuri field. As a result, if ...
httparty Has Potential SSRF Vulnerability That Leads to API Key Leakage
Summary There may be an SSRF vulnerability in httparty. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. Details When httparty receives a path argument that is an absolute URL, it ignores the baseuri field. As a result, if ...
Mozilla: Content-Security-Policy base-uri bypass
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that when injecting an HTML base element; some requests would ignore the CSP's base-uri settings and accept the injected element's base instead...
Mozilla: Content-Security-Policy base-uri bypass
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that when injecting an HTML base element; some requests would ignore the CSP's base-uri settings and accept the injected element's base instead...
Mozilla: Content-Security-Policy base-uri bypass
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that when injecting an HTML base element; some requests would ignore the CSP's base-uri settings and accept the injected element's base instead...
Mozilla: Content-Security-Policy base-uri bypass
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that when injecting an HTML base element; some requests would ignore the CSP's base-uri settings and accept the injected element's base instead...
Mozilla: Content-Security-Policy base-uri bypass
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that when injecting an HTML base element; some requests would ignore the CSP's base-uri settings and accept the injected element's base instead...
Mozilla: Content-Security-Policy base-uri bypass
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that when injecting an HTML base element; some requests would ignore the CSP's base-uri settings and accept the injected element's base instead...