286 matches found
Race Condition
Overview Affected versions of this package are vulnerable to Race Condition via the Request function in the client.go file. An attacker can access or leak proxy configuration and potentially sensitive data by exploiting concurrent requests that mutate shared HTTP client properties without...
EUVD-2026-1381
axios4go is a Go HTTP client library. Prior to version 0.6.4, a race condition vulnerability exists in the shared HTTP client configuration. The global defaultClient is mutated during request execution without synchronization, directly modifying the shared http.Client's Transport, Timeout, and...
CVE-2026-21697 axios4go's Race Condition in Shared HTTP Client Allows Proxy Configuration Leak
axios4go is a Go HTTP client library. Prior to version 0.6.4, a race condition vulnerability exists in the shared HTTP client configuration. The global defaultClient is mutated during request execution without synchronization, directly modifying the shared http.Client's Transport, Timeout, and...
CVE-2026-21697 axios4go's Race Condition in Shared HTTP Client Allows Proxy Configuration Leak
axios4go is a Go HTTP client library. Prior to version 0.6.4, a race condition vulnerability exists in the shared HTTP client configuration. The global defaultClient is mutated during request execution without synchronization, directly modifying the shared http.Client's Transport, Timeout, and...
CVE-2026-21697
CVE-2026-21697 affects the Go HTTP client library axios4go. Prior to version 0.6.4, a race condition mutates the shared default http.Client configuration during request execution without synchronization, directly altering Transport, Timeout, and CheckRedirect. This can enable leakage of proxy con...
PT-2026-2093
Name of the Vulnerable Software and Affected Versions axios4go versions prior to 0.6.4 Description axios4go is a Go HTTP client library affected by a race condition in its shared HTTP client configuration. The global defaultClient is modified during request execution without proper synchronizatio...
CVE-2025-47350 Use After Free in DSP Service
Memory corruption while handling concurrent memory mapping and unmapping requests from a user-space application...
CVE-2025-67505
Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another...
CVE-2025-67490
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in...
CVE-2025-67505
The CVE-2025-67505 entry describes a race condition in the Okta Java Management SDK (versions 11.0.0 through 20.0.0) caused by concurrent requests using the ApiClient class. This condition can allow the status code or response header from one request to influence another request’s response. Red H...
CVE-2025-67505 Race condition in the Okta Java SDK
Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another...
CVE-2025-67505 Race condition in the Okta Java SDK
Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another...
CVE-2025-67505 Race condition in the Okta Java SDK
Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another...
CVE-2025-67490 Auth0 Next.js SDK has Improper Request Caching Lookup
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in...
CVE-2025-67490
CVE-2025-67490 affects the Auth0 Next.js SDK (auth0/nextjs-auth0). Versions 4.11.0–4.11.2 and 4.12.0 may cause simultaneous requests on the same client to produce improper lookups in the TokenRequestCache. The issue is fixed in versions 4.11.2 and 4.12.1. If you rely on this SDK, upgrade to 4.11....
nextjs-auth0 安全漏洞
nextjs-auth0 is an Auth0 open source Next.js SDK for logging in using Auth0. A security vulnerability exists in nextjs-auth0 versions 4.11.0 through 4.11.2 and 4.12.0, which stems from the fact that simultaneous requests on the same client may result in improper lookups in TokenRequestCache...
Okta Java Management SDK 竞争条件问题漏洞
Okta Java Management SDK is an open source Java development toolkit from Okta, Inc. A Competitive Condition Issue vulnerability exists in Okta Java Management SDK versions 11.0.0 through 20.0.0, which arises from concurrent requests using the ApiClient class that may result in a competitive...
PT-2025-50552
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in...
Race Condition
Overview lifx-async is an A modern, type-safe, async Python library for controlling LIFX lights Affected versions of this package are vulnerable to Race Condition due to improper synchronization in concurrent request handling within the network module. The package fails to implement adequate...
SUSE CVE-2025-59089
If an attacker causes kdcproxy to connect to an attacker-controlled KDC server e.g. through server-side request forgery, they can exploit the fact that kdcproxy does not enforce bounds on TCP response length to conduct a denial-of-service attack. While receiving the KDC's response, kdcproxy copie...