3 matches found
EUVD-2026-26714
Bandit trusts client-supplied URI scheme on plaintext connections...
CVE-2026-39807
The CVE describes a vulnerability in Bandit (Elixir) where the function Elixir.Bandit.Pipeline:determine_scheme/2 returns the client-supplied URI scheme verbatim, ignoring the transport’s secure flag. On plaintext TCP, a client can declare https and Bandit will set conn.scheme = :https even witho...
PT-2026-36542
Name of the Vulnerable Software and Affected Versions bandit versions 1.0.0 through 1.10.f Description Reliance on untrusted inputs in a security decision allows unauthenticated transport-state spoofing on plaintext HTTP connections. The function determine scheme/2 in Elixir.Bandit.Pipeline retur...