72 matches found
PT-2025-47489
Name of the Vulnerable Software and Affected Versions Astro versions prior to 5.15.8 Description Astro versions prior to 5.15.8 contain a path normalization discrepancy between how the framework routes requests and how middleware validates them. Astro uses decodeURI to determine the route, while...
EUVD-2006-5602
Malware in sbrugna...
EUVD-2021-20569
Malware in sbrugna...
EUVD-2024-1991
Malicious code in bioql PyPI...
EUVD-2024-47443
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-6162
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises becau...
CVE-2021-37699
Next.js is an open source website development framework to be used with the React library. In affected versions specially encoded paths could be used when pages/error.js was statically generated allowing an open redirect to occur to an external site. In general, this redirect does not directly ha...
rack: rubygem-rack: Local File Inclusion in Rack::Static
A flaw was found in RackRubygems, where Rack::Static does not properly sanitize user-supplied paths before serving files. Specifically, encoded path traversal sequences are not correctly validated, allowing attackers to access files outside the designated static file directory. This flaw allows a...
SUSE CVE-2025-27610
Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.13, 3.0.14, and 3.1.12, Rack::Static can serve files under the specified root: even if urls: are provided, which may expose other files under the specified root: unexpectedly. The vulnerability occurs becaus...
BIT-GITLAB-2024-6329 Improper Encoding or Escaping of Output in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which causes the web interface to fail to render the diff correctly when the path is encoded...
UBUNTU-CVE-2024-6329
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which causes the web interface to fail to render the diff correctly when the path is encoded...
CVE-2024-6329 Improper Encoding or Escaping of Output in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which causes the web interface to fail to render the diff correctly when the path is encoded...
PT-2024-5513 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.16 through 17.0.6 GitLab CE/EE versions 17.1 through 17.1.4 GitLab CE/EE versions 17.2 through 17.2.2 Description: The issue causes the web interface to fail to render the diff correctly when the path is encoded. This ...
undertow: url-encoded request path information can be broken on ajp-listener
A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises because the same buffer is used to decode the paths for multiple requests simultaneously, leading to incorrect path information being processe...
DEBIAN-CVE-2024-6162
A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises because the same buffer is used to decode the paths for multiple requests simultaneously, leading to incorrect path information being processe...
UBUNTU-CVE-2024-6162
A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises because the same buffer is used to decode the paths for multiple requests simultaneously, leading to incorrect path information being processe...
Rocky Linux 8 : grafana (RLSA-2022:1781)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:1781 advisory. - Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability fo...
GHSA-VCVG-XGR8-P5GQ Arbitrary file read using percent-encoded relative paths in FileMiddleware
Impact Attackers can access data at arbitrary filesystem paths on the same host as an application using FileMiddleware. Patches Version 4.29.4 Workarounds Upgrade to 4.24.4 or later, or disable FileMiddleware. References Introduced in https://github.com/vapor/vapor/pull/2223 Fixed by...
Arbitrary File Read
Overview vapor/vapor is an a server-side Swift HTTP web framework. Affected versions of this package are vulnerable to Arbitrary File Read. This can be caused by using percent-encoded relative paths in FileMiddleware. Remediation Upgrade vapor/vapor to version 4.29.4 or higher. References - GitHu...
CVE-2021-43813
Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files with the extension...