Lucene search
K

250 matches found

OSV
OSV
added 2025/04/22 4:56 p.m.154 views

GO-2025-3603 Query smuggling in ch-go library in github.com/ClickHouse/ch-go

Query smuggling in ch-go library in github.com/ClickHouse/ch-go...

5.9CVSS6.7AI score0.00342EPSS
Exploits0References3
Veracode
Veracode
added 2025/04/21 4:19 a.m.312 views

HTTP Request Smuggling

github.com/clickhouse/ch-go is vulnerable to HTTP Request Smuggling. The vulnerability is due to improper parsing or handling of HTTP requests. Specifically, the vulnerability arises from the way large, uncompressed malicious external data is processed, allowing an attacker to smuggle an addition...

5.9CVSS6.6AI score0.00342EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/04/12 3:41 a.m.150 views

GHSA-M454-3XV7-QJ85 CVE-2025-1386- Query smuggling in ch-go library

Impact When using the ch-go library, under a specific condition when the query includes a large, uncompressed malicious external data, it is possible for an attacker in control of such data to smuggle another query packet into the connection stream. Patches If you are using ch-go library, we...

5.9CVSS6.8AI score0.00342EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/04/12 3:41 a.m.169 views

CVE-2025-1386- Query smuggling in ch-go library

Impact When using the ch-go library, under a specific condition when the query includes a large, uncompressed malicious external data, it is possible for an attacker in control of such data to smuggle another query packet into the connection stream. Patches If you are using ch-go library, we...

5.9CVSS6.9AI score0.00342EPSS
Exploits0References5Affected Software1
SUSE CVE
SUSE CVE
added 2025/04/12 3:31 a.m.4 views

SUSE CVE-2025-1386

When using the ch-go library, under a specific condition when the query includes a large, uncompressed malicious external data, it is possible for an attacker in control of such data to smuggle another query packet into the connection stream...

5.3CVSS6.8AI score0.00342EPSS
Exploits0References4
GitLab Advisory Database
GitLab Advisory Database
added 2025/04/12 12:0 a.m.146 views

CVE-2025-1386- Query smuggling in ch-go library

When using the ch-go library, under a specific condition when the query includes a large, uncompressed malicious external data, it is possible for an attacker in control of such data to smuggle another query packet into the connection stream...

5.9CVSS6.8AI score0.00342EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2025/04/11 5:15 a.m.27 views

CVE-2025-1386

When using the ch-go library, under a specific condition when the query includes a large, uncompressed malicious external data, it is possible for an attacker in control of such data to smuggle another query packet into the connection stream...

5.9CVSS0.00342EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/11 4:27 a.m.27 views

CVE-2025-1386 Query smuggling in ch-go library

When using the ch-go library, under a specific condition when the query includes a large, uncompressed malicious external data, it is possible for an attacker in control of such data to smuggle another query packet into the connection stream...

5.9CVSS0.00342EPSS
Exploits0References1
OSV
OSV
added 2025/04/11 4:27 a.m.6 views

CVE-2025-1386 Query smuggling in ch-go library

When using the ch-go library, under a specific condition when the query includes a large, uncompressed malicious external data, it is possible for an attacker in control of such data to smuggle another query packet into the connection stream...

5.9CVSS5.9AI score0.00342EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/04/11 4:27 a.m.8 views

CVE-2025-1386 Query smuggling in ch-go library

When using the ch-go library, under a specific condition when the query includes a large, uncompressed malicious external data, it is possible for an attacker in control of such data to smuggle another query packet into the connection stream...

5.9CVSS6.5AI score0.00342EPSS
Exploits0References1
CVE
CVE
added 2025/04/11 4:27 a.m.1894 views

CVE-2025-1386

CVE-2025-1386 concerns the ch-go library from github.com/ClickHouse/ch-go. The issue is a vulnerability in which, under a specific condition where a query includes large, uncompressed external data, an attacker who controls that data can smuggle another query packet into the same connection strea...

5.9CVSS6.6AI score0.00342EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/04/11 12:0 a.m.5 views

PT-2025-16026

Name of the Vulnerable Software and Affected Versions: ch-go library versions prior to 0.65.0 Description: The issue arises when the ch-go library is used under a specific condition where the query includes large, uncompressed malicious external data. This allows an attacker in control of such da...

9.9CVSS5.1AI score0.00955EPSS
Exploits1References38
CVE
CVE
added 2024/12/19 4:11 p.m.3932 views

CVE-2024-12801

CVE-2024-12801 describes a Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback up to 1.5.12 on the Java platform, enabling forging requests via compromised XML configuration via modification of the DOCTYPE declaration. The connected IBM Security Bulletin for this CVE lists af...

2.4CVSS6.3AI score0.00221EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2024/08/07 3:15 p.m.7 views

aldryn-django (=4.2.10.0), am-report (=0.1.5) +81 more potentially affected by CVE-2024-41990 via django (>=4.2.0 <=4.2.14)

django PYPI version =4.2.0, =7.5.1, =0.0.1, =0.4.0, =5.2.0, =0.5.1, =0.12.2, =3.1.0, =7.2.2, =39.1.0, =39.1.4 and more Source cves: CVE-2024-41990 Source advisory: OSV:PYSEC-2024-68...

7.5CVSS6.7AI score0.01258EPSS
Exploits0
Openbugbounty
Openbugbounty
added 2024/08/01 10:40 p.m.9 views

yougotnet.com Cross Site Scripting vulnerability OBB-3952706

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
vulnersOsv
vulnersOsv
added 2024/07/10 5:15 a.m.5 views

aldryn-django (=4.2.10.0), am-report (=0.1.5) +81 more potentially affected by CVE-2024-38875 via django (>=4.2.0 <=4.2.13)

django PYPI version =4.2.0, =7.5.1, =0.0.1, =0.4.0, =5.2.0, =0.5.1, =0.12.2, =3.1.0, =7.2.2, =39.1.0, =39.1.4 and more Source cves: CVE-2024-38875 Source advisory: OSV:PYSEC-2024-56...

7.5CVSS6.6AI score0.01187EPSS
Exploits0
Openbugbounty
Openbugbounty
added 2024/05/22 11:19 a.m.8 views

memo3.ch Improper Access Control vulnerability OBB-3929911

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

7AI score
Exploits0
Openbugbounty
Openbugbounty
added 2024/04/04 2:39 p.m.9 views

ch-maubeuge.fr Cross Site Scripting vulnerability OBB-3902391

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2024/03/26 10:14 a.m.6 views

ch-cahors.fr Cross Site Scripting vulnerability OBB-3887003

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2024/03/26 5:48 a.m.5 views

i45.ch Cross Site Scripting vulnerability OBB-3886702

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Rows per page
Query Builder