Lucene search
+L

6 matches found

osv
osv
added 2026/06/10 3:34 p.m.2 views

CVE-2026-45565 Roxy-WI: EscapedString validator skips its '..' block when stripping (root cause for several path-traversal/RCE vectors)

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, EscapedString app/modules/roxywi/classmodels.py:16-30 is the centralised Pydantic validator used on dozens of fields including SSH credential name, username, description, etc. Its...

8.1CVSS6AI score0.00304EPSS
Exploits0References3
euvd
euvd
added 2026/06/10 3:34 p.m.10 views

EUVD-2026-36062

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, EscapedString app/modules/roxywi/classmodels.py:16-30 is the centralised Pydantic validator used on dozens of fields including SSH credential name, username, description, etc. Its...

8.1CVSS5.5AI score0.00304EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/10 3:34 p.m.34 views

CVE-2026-45565 Roxy-WI: EscapedString validator skips its '..' block when stripping (root cause for several path-traversal/RCE vectors)

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, EscapedString app/modules/roxywi/classmodels.py:16-30 is the centralised Pydantic validator used on dozens of fields including SSH credential name, username, description, etc. Its...

8.1CVSS0.00304EPSS
Exploits0References1
cve
cve
added 2026/06/10 3:34 p.m.21 views

CVE-2026-45565

CVE-2026-45565 affects Roxy-WI up to 8.2.6.4. The issue lies in the EscapedString Pydantic validator (app/modules/roxywi/class_models.py:16-30): its if/elif/else path strips metacharacters but does not apply the surrounding .. block, allowing an attacker to append a single ;, &, |, $, or ` to a p...

8.1CVSS5.5AI score0.00304EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/10 12:0 a.m.13 views

PT-2026-48457

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, EscapedString app/modules/roxywi/class models.py:16-30 is the centralised Pydantic validator used on dozens of fields including SSH credential name, username, description, etc. It...

8.1CVSS5.5AI score0.00304EPSS
Exploits0References2
hackerone
hackerone
added 2015/02/10 1:0 a.m.215 views

Ruby on Rails: JSON keys are not properly escaped

Rails does not escape hash keys properly in tojson when generating json. Values are escaped as expected ruby irbmain:001:0 "a"="".tojson = ""a":"\u003c\u003e"" However keys are not: ruby irbmain:002:0 ""="a".tojson = """:"a"" This is because the json gem calls .tos on the keys here which...

4.3CVSS0.1AI score0.0278EPSS
Exploits0
Rows per page
Query Builder