Lucene search

11 matches found

Vulnrichment
added 2026/04/16 1:9 p.m. | 1 views

CVE-2026-6414 @fastify/static vulnerable to route guard bypass via encoded path separators

@fastify/static versions 8.0.0 through 9.1.0 decode percent-encoded path separators %2F before filesystem resolution, while Fastify's router treats them as literal characters. This mismatch allows attackers to bypass route-based middleware or guards that protect files served by @fastify/static. F...

CVSS 5.9 | AI score 5.8 | EPSS 0.00016
Exploits: 0 | References: 4
ATTACKERKB
added 2026/04/16 1:9 p.m. | 5 views

CVE-2026-6414

@fastify/static versions 8.0.0 through 9.1.0 decode percent-encoded path separators %2F before filesystem resolution, while Fastify's router treats them as literal characters. This mismatch allows attackers to bypass route-based middleware or guards that protect files served by @fastify/static. F...

CVSS 5.9 | AI score 5.8 | EPSS 0.00016
Exploits: 0 | References: 5 | Affected Software: 1
Cvelist
added 2026/04/16 1:9 p.m. | 29 views

CVE-2026-6414 @fastify/static vulnerable to route guard bypass via encoded path separators

@fastify/static versions 8.0.0 through 9.1.0 decode percent-encoded path separators %2F before filesystem resolution, while Fastify's router treats them as literal characters. This mismatch allows attackers to bypass route-based middleware or guards that protect files served by @fastify/static. F...

CVSS 5.9 | EPSS 0.00016
Exploits: 0 | References: 4
RedhatCVE
added 2026/01/09 11:26 a.m. | 7 views

CVE-2021-33896

Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal only for creation of new files via URI-encoded path separators...

CVSS 5.3 | AI score 6.8 | EPSS 0.00508
Exploits: 0 | References: 1
BDU FSTEC
added 2021/10/05 12:0 a.m. | 1 views

The vulnerability of the XMPP Dino chat client, related to deficiencies in path name limitation, allows attackers to compromise data integrity.

The vulnerability of the XMPP Dino chat client is related to a bug in URI-encoded path separators. Exploiting this vulnerability could allow an attacker to compromise data integrity remotely...

CVSS 5.3 | AI score 5.8 | EPSS 0.00508
Exploits: 0 | References: 6 | Affected Software: 2
OSV
added 2021/08/14 2:0 p.m. | 4 views

MGASA-2021-0401 Updated dino packages fix security vulnerability

Updated dino packages fix security vulnerability: Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal only for creation of new files via URI-encoded path separators CVE-2021-33896...

CVSS 5.3 | AI score 5.3 | EPSS 0.00508
Exploits: 0 | References: 4
NVD
added 2021/06/07 7:15 p.m. | 17 views

CVE-2021-33896

Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal only for creation of new files via URI-encoded path separators...

CVSS 5.3 | EPSS 0.00508
Exploits: 0 | References: 5
Cvelist
added 2021/06/07 6:12 p.m. | 13 views

CVE-2021-33896

Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal only for creation of new files via URI-encoded path separators...

AI score 5.5 | EPSS 0.00508
Exploits: 0 | References: 5
AlpineLinux
added 2021/06/07 6:12 p.m. | 44 views

CVE-2021-33896

Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal only for creation of new files via URI-encoded path separators...

CVSS 5.3 | AI score 5.3 | EPSS 0.00508
Exploits: 0
Mageia
added 2014/07/08 10:35 p.m. | 56 views

Updated python & python3 packages fix two vulnerabilities

Updated python and python3 packages fix security vulnerabilities: Python 2 and 3 are susceptible to arbitrary process memory reading by a user or adversary due to a bug in the json module caused by insufficient bounds checking. The bug is caused by allowing the user to supply a negative value tha...

CVSS 9.8 | AI score 7.1 | EPSS 0.07232
Exploits: 6 | References: 4
OSV
added 2014/06/25 12:0 a.m. | 0 views

UBUNTU-CVE-2014-4650

The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as...

CVSS 9.8 | AI score 7 | EPSS 0.07232
Exploits: 5 | References: 4