16 matches found
EUVD-2026-29193
Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ninenines cowlib allows HTTP request splitting and cookie smuggling via unvalidated cookie name and value fields. cow_cookie:cookie/1 in cowlib builds a client-side Cookie: request header from a list of name-value pairs...
CVE-2026-22904
CVE-2026-22904 affects lighttpd, where improper length handling when parsing multiple cookie fields (including TRACKID) allows an unauthenticated remote attacker to send oversized cookie values and trigger a stack buffer overflow. This can result in a denial-of-service condition and potentially r...
CVE-2026-22904 Stack Overflow via Oversized Cookie Fields in lighttpd
Improper length handling when parsing multiple cookie fields including TRACKID allows an unauthenticated remote attacker to send oversized cookie values and trigger a stack buffer overflow, resulting in a denial‑of‑service condition and possible remote code execution...
PT-2026-7082
Name of the Vulnerable Software and Affected Versions: lighttpd (affected versions not specified), WAGO 0852-1322 (affected versions not specified). Description: An issue exists where improper length handling during the parsing of multiple cookie fields, including the TRACKID field, can allow an...
BIT-PYTHON-MIN-2026-0672 Header injection in http.cookies.Morsel
When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters...
python -- several security vulnerabilities
The Python project announces a new release with several security fixes: CVE-2026-1299: gh-144125: BytesGenerator will now refuse to serialize (write) headers that are unsafely folded or delimited; see verify_generated_headers. Contributed by Bas Bloemsaat and Petr Viktorin in gh-121650. gh-143935:...
DEBIAN-CVE-2024-47764
cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. A similar escape can be used for path and domain, which could be abused to alter other fields of the cookie. Upgrade to...
AZL-50085 CVE-2024-47764 affecting package js-jquery 3.5.0-4
cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. A similar escape can be used for path and domain, which could be abused to alter other fields of the cookie. Upgrade to...
AZL-50067 CVE-2024-47764 affecting package nodejs-nodemon 2.0.3-5
cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. A similar escape can be used for path and domain, which could be abused to alter other fields of the cookie. Upgrade to...
AZL-50073 CVE-2024-47764 affecting package js-jquery 3.5.0-4
cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. A similar escape can be used for path and domain, which could be abused to alter other fields of the cookie. Upgrade to...
CLSA-2024-1711562558 curl: Fix of 3 CVEs
Moved tuxcare patches from 7.29.0-59.1.tuxcare.els2 - CVE-2023-38546: cookie: remove unnecessary struct fields - CVE-2022-27782: check additional TLS or SSH connection parameters that should have prohibited connection reuse - CVE-2023-27534: fix SFTP path '~' resolving discrepancy - fix read off...
CLSA-2023-1697465582 curl: Fix of CVE-2023-38546
CVE-2023-38546: cookie: remove unnecessary struct fields...
CLSA-2023-1697465164 curl: Fix of CVE-2023-38546
CVE-2023-38546: cookie: remove unnecessary struct fields...
CLSA-2023-1697464688 curl: Fix of CVE-2023-38546
CVE-2023-38546: cookie: remove unnecessary struct fields - Rebuild expired test certificates...
CLSA-2023-1697464394 curl: Fix of CVE-2023-38546
CVE-2023-38546: cookie: remove unnecessary struct fields - Rebuild expired test certificates...
CLSA-2023-1697463947 curl: Fix of CVE-2023-38546
CVE-2023-38546: cookie: remove unnecessary struct fields - Rebuild expired test certificates...