Lucene search

4 matches found

CVE
added 2024/04/04 3:51 p.m. | 80 views

CVE-2024-31207

CVE-2024-31207 (Vite) : The vulnerability is in Vite’s server.fs.deny logic, which does not deny requests for patterns containing directories. This could allow access to unintended files or paths during development. Affected versions include 2.9.18 and 3.2.10 up to 5.2.6, 5.1.7, 5.0.13, and 4.5.3...

CVSS 5.9 | AI score 5.5 | EPSS 0.00717
Exploits: 0 | References: 7
OSV
added 2022/12/23 12:0 p.m. | 11 views

RUSTSEC-2022-0072 Location header incorporates user input, allowing open redirect

When hyper-staticfile performs a redirect for a directory request (e.g. a request for /dir that redirects to /dir/), the Location header value was derived from user input (the request path), simply appending a slash. The intent was to perform an origin-relative redirect, but specific inputs allowed...

AI score 7
Exploits: 0 | References: 3
RedHat Linux
added 2019/09/30 10:57 p.m. | 2 views

undertow: Information leak in requests for directories without trailing slashes

undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api...

CVSS 7.5 | AI score 5.8 | EPSS 0.03478
Exploits: 0 | References: 4
OSV
added 2003/02/07 5:0 a.m. | 1 views

DEBIAN-CVE-2003-0015

Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands...

CVSS 7.5 | AI score 7.6 | EPSS 0.2387
Exploits: 1 | References: 1