8 matches found

RedhatCVE
added 2025/05/22 5:54 p.m. | 4 views

CVE-2020-7659

reel through 0.6.1 allows Request Smuggling attacks due to incorrect Content-Length and Transfer encoding header parsing. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were found to be parsed as...

CVSS 7.5 | AI score 6.8 | EPSS 0.00095
Exploits: 0 | References: 1
CVE
added 2025/04/13 10:10 p.m. | 242 views

CVE-2025-3445

CVE-2025-3445 (Zip Slip in mholt/archiver, Go): A crafted ZIP can cause path traversal during archiver.Unarchive(zipFile, outputDir), permitting write/overwrite of files with the app’s privileges. This can lead to privilege escalation or code execution in affected setups. The advisory notes a TA...

CVSS 8.1 | AI score 8 | EPSS 0.00135
Exploits: 0 | References: 1
PyPA
added 2024/06/12 2:15 p.m. | 4 views

PYSEC-2024-97

UNSUPPORTED WHEN ASSIGNED: Improper Authentication vulnerability in Apache Submarine Commons Utils. This issue affects Apache Submarine Commons Utils: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or...

CVSS 9.8 | AI score 6.9 | EPSS 0.00221
Exploits: 0 | References: 7 | Affected Software: 1
The Hacker News
added 2024/04/23 2:0 p.m. | 26 views

Apache Cordova App Harness Targeted in Dependency Confusion Attack

Researchers have identified a dependency confusion vulnerability impacting an archived Apache project called Cordova App Harness. Dependency confusion attacks take place owing to the fact that package managers check the public repositories before private registries, thus allowing a threat actor t...

AI score 7.2
Exploits: 0
Snyk
added 2022/07/29 9:30 a.m. | 2 views

Use After Free

Overview: Affected versions of this package are vulnerable to Use After Free via the XFree function at /src/video/x11/SDLx11yuv.c. Note: This release of the project has been deprecated in favor of a 2.0 release, and a fix version will likely not be published. Remediation: A fix was pushed into the...

CVSS 8.8 | AI score 6.8 | EPSS 0.00321
Exploits: 1 | References: 2
OSV
added 2020/06/01 1:15 p.m. | 0 views

UBUNTU-CVE-2020-7659

reel through 0.6.1 allows Request Smuggling attacks due to incorrect Content-Length and Transfer encoding header parsing. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were found to be parsed as...

CVSS 7.5 | AI score 5.8 | EPSS 0.00095
Exploits: 0 | References: 3
UbuntuCve
added 2020/06/01 1:15 p.m. | 11 views

CVE-2020-7659

reel through 0.6.1 allows Request Smuggling attacks due to incorrect Content-Length and Transfer encoding header parsing. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were found to be parsed as...

CVSS 7.5 | AI score 7.1 | EPSS 0.00095
Exploits: 0 | References: 2
Snyk
added 2020/05/29 3:11 p.m. | 1 views

HTTP Request Smuggling

Overview: reel is a fast, non-blocking "evented" web server built on httpparser.rb, websocket-driver, Celluloid::IO, and nio4r. Note: This project is deprecated, and is not maintained anymore. Affected versions of this package are vulnerable to HTTP Request Smuggling. HTTP pipelining issues and...

CVSS 8.2 | AI score 6.2 | EPSS 0.00095
Exploits: 0 | References: 2