CVE-2026-44437 Angular SSR: Open Redirect and Request Steering via Encoded X-Forwarded-Prefix

The Angular SSR is a server-rise rendering tool for Angular applications. From 19.0.0-next.0 to before 19.2.25, 20.3.25, 21.2.9, and 22.0.0-next.7, a vulnerability exists in the X-Forwarded-Prefix header processing logic within Angular SSR. The internal validation mechanism fails to properly...

CVE-2026-44437

Summary: CVE-2026-44437 affects Angular SSR before fixed versions 19.2.25, 20.3.25, 21.2.9, and 22.0.0-next.7. The vulnerability lies in the X-Forwarded-Prefix header processing: the internal validation does not properly account for URL-encoded characters (notably dots like %2e%2e), enabling enco...

CVE-2026-44437 Angular SSR: Open Redirect and Request Steering via Encoded X-Forwarded-Prefix

The Angular SSR is a server-rise rendering tool for Angular applications. From 19.0.0-next.0 to before 19.2.25, 20.3.25, 21.2.9, and 22.0.0-next.7, a vulnerability exists in the X-Forwarded-Prefix header processing logic within Angular SSR. The internal validation mechanism fails to properly...

Angular 路径遍历漏洞

Angular is an open-source development platform created by Angular. It is used to build mobile and desktop web applications using TypeScript/JavaScript and other languages. Angular versions prior to 19.0.0-next.0, 20.3.25, 21.2.9, and 22.0.0-next.7 contain a path traversal vulnerability. This...

gRPC 安全漏洞

gRPC is a modern, open-source, high-performance Remote Procedure Call RPC framework from gRPC Open Source. A security vulnerability exists in gRPC that stems from an incorrect state of a mis-encoded header that is not cleared between header reads, potentially disclosing the HTTP header keys of...

Duplicate advisory: swift-nio-http2 vulnerable to denial of service via mishandled HPACK variable length integer encoding

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-w3f6-pc54-gfw7. This link is maintained to preserve external references. Original Description A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a...

Duplicate advisory: swift-nio-http2 vulnerable to denial of service via mishandled HPACK variable length integer encoding

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-w3f6-pc54-gfw7. This link is maintained to preserve external references. Original Description A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a...

CVE-2022-24667

A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HPACK-encoded header block. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. There are a number of implementation errors in the parsing of...

CVE-2022-24667

A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HPACK-encoded header block. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. There are a number of implementation errors in the parsing of...

Integer overflow

A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HPACK-encoded header block. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. There are a number of implementation errors in the parsing of...

CVE-2022-24667

What is affected: swift-nio-http2. Vulnerability: HPACK header block parsing bugs allow a maliciously crafted header block to crash the server, causing denial of service. Versions affected: 1.0.0 through 1.19.1. Root cause: multiple implementation errors in parsing HPACK-encoded headers in HTTP/2...