24 matches found
Directory Traversal
SiYuan is vulnerable to Directory Traversal. The vulnerability is due to improper handling of double URL decoding in the serveExport function, which allows an attacker to use double-encoded traversal sequences to read arbitrary files from the workspace...
GHSA-HJH7-R5W8-5872 SiYuan: Path Traversal via Double URL Encoding in `/export/` Endpoint (Incomplete Fix Bypass for CVE-2026-30869)
Summary The fix for CVE-2026-30869 in SiYuan v3.5.10 only added a denylist check IsSensitivePath but did not address the root cause — a redundant url.PathUnescape call in serveExport. An authenticated attacker can use double URL encoding %252e%252e to traverse directories and read arbitrary...
GHSA-72GR-QFP7-VWHW h3: Double Decoding in `serveStatic` Bypasses `resolveDotSegments` Path Traversal Protection via `%252e%252e`
Summary The serveStatic utility in h3 applies a redundant decodeURI call to the request pathname after H3Event has already performed percent-decoding with %25 preservation. This double decoding converts %252e%252e into %2e%2e, which bypasses resolveDotSegments since it checks for literal...
h3: Double Decoding in `serveStatic` Bypasses `resolveDotSegments` Path Traversal Protection via `%252e%252e`
Summary The serveStatic utility in h3 applies a redundant decodeURI call to the request pathname after H3Event has already performed percent-decoding with %25 preservation. This double decoding converts %252e%252e into %2e%2e, which bypasses resolveDotSegments since it checks for literal...
EUVD-2014-3586
Malware in sbrugna...
EUVD-2024-1104
Malicious code in bioql PyPI...
Path Traversal
mlflow is vulnerable to a path traversal vulnerability. The vulnerability is due to an extra unquote operation in the deleteartifacts function of localartifactrepo.py, which fails to properly sanitize user-supplied paths. Attackers can exploit the double decoding process in the...
GHSA-5MVJ-WMGJ-7Q8C mlflow vulnerable to Path Traversal
A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path validation by exploiting the double decoding process in the deleteartifactmlflowartifacts handler and localfileuritopath function, allowing for...
mlflow vulnerable to Path Traversal
A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path validation by exploiting the double decoding process in the deleteartifactmlflowartifacts handler and localfileuritopath function, allowing for...
CVE-2024-1560
CVE-2024-1560 affects mlflow/mlflow prior to 2.9.2, in the artifact deletion path. A double decoding flaw in _delete_artifact_mlflow_artifacts and local_file_uri_to_path, via an extra unquote in delete_artifacts, allows path traversal and deletion of arbitrary server directories. Impact: high, wi...
CVE-2024-1560 Path Traversal Vulnerability in mlflow/mlflow
A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path validation by exploiting the double decoding process in the deleteartifactmlflowartifacts handler and localfileuritopath function, allowing for...
SUSE CVE-2016-5099
Cross-site scripting XSS vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding...
Jetty Utility Servlets ConcatServlet Double Decoding Information Disclosure Vulnerability
Requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory. For example a request to the ConcatServlet with a URI of /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the...
GHSA-GWCR-J4WH-J3CQ Jetty Utility Servlets ConcatServlet Double Decoding Information Disclosure Vulnerability
Requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory. For example a request to the ConcatServlet with a URI of /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the...
Internet Bug Bounty: Cache Manager ACL Bypass
Summary: ACL Manager can be bypassed giving non authorized users to squid-internal-mgr. Possible to bypass other urlregex, but only focused on manager. with the hostname of the server running squid echo -e "GET https://jeriko.one%252f@:3128/squid-internal-mgr/activerequests HTTP/1.1\r\n\r\n" |nc...
Directory traversal
The Grails Resource Plugin often has to exchange URIs for resources with other internal components. Those other components will decode any URI passed to them. To protect against directory traversal the Grails Resource Plugin did the following: normalized the URI, checked the normalized URI did no...
CVE-2014-3626
The Grails Resource Plugin often has to exchange URIs for resources with other internal components. Those other components will decode any URI passed to them. To protect against directory traversal the Grails Resource Plugin did the following: normalized the URI, checked the normalized URI did no...
CVE-2014-3626
The CVE-2014-3626 vulnerability affects the Grails Resource Plugin (pre-1.2.13). A directory-traversal protection bug caused the plugin to return the decoded URI after the traversal check instead of the normalized URI, enabling a double-decoding issue. The fixed behavior repeatedly decodes the UR...
CVE-2014-3626
The Grails Resource Plugin often has to exchange URIs for resources with other internal components. Those other components will decode any URI passed to them. To protect against directory traversal the Grails Resource Plugin did the following: normalized the URI, checked the normalized URI did no...
DEBIAN-CVE-2016-5099
Cross-site scripting XSS vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding...