136 matches found

Tenable Nessus
added 2026/06/25 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-54297

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. From 1.0.0 until 1.10.6 and 2.14.3,...

CVSS 7.5 | AI score 5.8 | EPSS 0.00391
Exploits: 1 | References: 2

RedhatCVE
added 2026/06/24 8:21 p.m. | 6 views

CVE-2026-54297

A flaw was found in Faraday, an HTTP client library. The Faraday::NestedParamsEncoder, which handles nested query parameters, does not limit the depth of nested query strings during decoding. A remote attacker can exploit this by sending a specially crafted query string, causing the application t...

CVSS 7.5 | AI score 5.8 | EPSS 0.00391
Exploits: 1 | References: 4

NVD
added 2026/06/24 5:17 p.m. | 8 views

CVE-2026-54297

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. From 1.0.0 until 1.10.6 and 2.14.3, Faraday::NestedParamsEncoder, the default nested query parameter encoder/decoder in Faraday, decodes nested query strings without enforcing a maximum nestin...

CVSS 7.5 | EPSS 0.00391
Exploits: 1 | References: 4

OSV
added 2026/06/24 5:17 p.m. | 2 views

UBUNTU-CVE-2026-54297

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. From 1.0.0 until 1.10.6 and 2.14.3, Faraday::NestedParamsEncoder, the default nested query parameter encoder/decoder in Faraday, decodes nested query strings without enforcing a maximum nestin...

CVSS 7.5 | AI score 5.9 | EPSS 0.00391
Exploits: 1 | References: 3

Vulnrichment
added 2026/06/24 3:50 p.m. | 6 views

CVE-2026-54297 Faraday: Uncontrolled recursion in NestedParamsEncoder allows stack exhaustion DoS via deeply nested query parameters

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. From 1.0.0 until 1.10.6 and 2.14.3, Faraday::NestedParamsEncoder, the default nested query parameter encoder/decoder in Faraday, decodes nested query strings without enforcing a maximum nestin...

CVSS 7.5 | AI score 5.9 | EPSS 0.00391
Exploits: 1 | References: 1

Debian CVE
added 2026/06/24 3:50 p.m. | 5 views

CVE-2026-54297

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. From 1.0.0 until 1.10.6 and 2.14.3, Faraday::NestedParamsEncoder, the default nested query parameter encoder/decoder in Faraday, decodes nested query strings without enforcing a maximum nestin...

CVSS 7.5 | AI score 5.9 | EPSS 0.00391
Exploits: 1

Cvelist
added 2026/06/24 3:50 p.m. | 33 views

CVE-2026-54297 Faraday: Uncontrolled recursion in NestedParamsEncoder allows stack exhaustion DoS via deeply nested query parameters

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. From 1.0.0 until 1.10.6 and 2.14.3, Faraday::NestedParamsEncoder, the default nested query parameter encoder/decoder in Faraday, decodes nested query strings without enforcing a maximum nestin...

CVSS 7.5 | EPSS 0.00391
Exploits: 1 | References: 1

CVE
added 2026/06/24 3:50 p.m. | 47 views

CVE-2026-54297

CVE-2026-54297 (Faraday) : Uncontrolled recursion in Faraday::NestedParamsEncoder during decoding of nested query strings can create deeply nested Ruby Hashes, leading to a stack exhaustion DoS. Affected versions are Faraday 1.0.0 through 1.10.6 and 2.14.3. The vulnerability is fixed in 1.10.6 an...

CVSS 7.5 | AI score 5.9 | EPSS 0.00391
Exploits: 1 | References: 4 | Affected Software: 1

Chainguard
added 2026/06/23 8:17 a.m. | 8 views

CVE-2026-54297 vulnerabilities

Vulnerabilities for packages: gitlab-rails-ce-fips, ruby3.3-faraday, logstash, kube-fluentd-operator, gitlab-rails-ce, cinc-auditor, logstash-fips, gitlab-cng...

CVSS 7.5 | AI score 7.1 | EPSS 0.00391
Exploits: 1

Chainguard
added 2026/06/23 8:17 a.m. | 8 views

GHSA-98M9-HRRM-R99R vulnerabilities

Vulnerabilities for packages: gitlab-rails-ce-fips, ruby3.3-faraday, logstash, kube-fluentd-operator, gitlab-rails-ce, cinc-auditor, logstash-fips, gitlab-cng...

AI score 5.8
Exploits: 0

Snyk
added 2026/06/22 2:22 p.m. | 4 views

Uncontrolled Recursion

Overview: Affected versions of this package are vulnerable to Uncontrolled Recursion in the NestedParamsEncoder module through the dehash routine. An attacker can cause the application to crash and exhaust system resources by submitting a deeply nested query string that triggers uncontrolled...

CVSS 8.7 | AI score 5.9 | EPSS 0.00391
Exploits: 1 | References: 2

Wolfi
added 2026/06/21 2:16 p.m. | 8 views

CVE-2026-54297 vulnerabilities

Vulnerabilities for packages: logstash, kube-fluentd-operator, ruby3.3-faraday, cinc-auditor...

CVSS 7.5 | AI score 7.1 | EPSS 0.00391
Exploits: 1

Wolfi
added 2026/06/21 2:16 p.m. | 11 views

GHSA-98M9-HRRM-R99R vulnerabilities

Vulnerabilities for packages: logstash, kube-fluentd-operator, ruby3.3-faraday, cinc-auditor...

AI score 5.8
Exploits: 0

OSV
added 2026/06/19 7:35 p.m. | 10 views

GHSA-98M9-HRRM-R99R Faraday: Uncontrolled recursion in NestedParamsEncoder allows stack exhaustion DoS via deeply nested query parameters

Faraday::NestedParamsEncoder, the default nested query parameter encoder/decoder in Faraday, decodes nested query strings without enforcing a maximum nesting depth. A crafted query string such as: text axxxx...x=1 causes Faraday to build a deeply nested Ruby Hash structure. The internal dehash...

CVSS 7.5 | AI score 5.7 | EPSS 0.00391
Exploits: 1 | References: 6

Github Security Blog
added 2026/06/19 7:35 p.m. | 7 views

Faraday: Uncontrolled recursion in NestedParamsEncoder allows stack exhaustion DoS via deeply nested query parameters

Faraday::NestedParamsEncoder, the default nested query parameter encoder/decoder in Faraday, decodes nested query strings without enforcing a maximum nesting depth. A crafted query string such as: text axxxx...x=1 causes Faraday to build a deeply nested Ruby Hash structure. The internal dehash...

CVSS 7.5 | AI score 5.7 | EPSS 0.00391
Exploits: 1 | References: 6 | Affected Software: 1

RubySec
added 2026/06/19 12:0 a.m. | 5 views

Faraday - Uncontrolled recursion in NestedParamsEncoder allows stack exhaustion DoS via deeply nested query parameters

Uncontrolled Recursion in NestedParamsEncoder Allows Stack Exhaustion DoS via Deeply Nested Query Parameters. Summary: Faraday::NestedParamsEncoder, the default nested query parameter encoder/decoder in Faraday, decodes nested query strings without enforcing a maximum nesting depth. A crafted query...

CVSS 7.5 | AI score 6 | EPSS 0.00391
Exploits: 1 | References: 1 | Affected Software: 1

Circl
added 2026/06/18 1:20 p.m. | 7 views

CVE-2026-54297

| creationtimestamp | type | source |
|---|---|---|
| 2026-06-18 13:20:52+00:00 | published-proof-of-concept | https://github.com/lostisland/faraday/security/advisories/GHSA-98m9-hrrm-r99r |
| 2026-06-23 13:41:44+00:00 | seen | https://gist.github.com/muhamedfazalps/a3449070789a6a2c13d4d4e844af803b... |

CVSS 7.5 | AI score 5.8 | EPSS 0.00391
Exploits: 1 | References: 2

Positive Technologies
added 2026/06/15 12:0 a.m. | 10 views

PT-2026-51060

Name of the Vulnerable Software and Affected Versions: Faraday versions prior to 2.14.2-2-g59334e0. Description: Faraday::NestedParamsEncoder, the default nested query parameter encoder/decoder, decodes nested query strings without enforcing a maximum nesting depth. An attacker can provide a crafted...

CVSS 7.8 | AI score 5.8 | EPSS 0.00391
Exploits: 1 | References: 17

RedhatCVE
added 2026/06/05 7:46 p.m. | 9 views

CVE-2026-33637

A flaw was found in Faraday, an HTTP client library. This vulnerability allows a remote attacker to perform off-host request forgery by exploiting a protocol-relative host override when a request target is passed as a URI object. This can redirect a request from a fixed-base Faraday connection to...

CVSS 6.5 | AI score 5.9 | EPSS 0.00272
Exploits: 1 | References: 5

Tenable Nessus
added 2026/05/22 12:0 a.m. | 10 views

Linux Distros Unpatched Vulnerability : CVE-2026-33637

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Versions 2.0.0 through 2.14.1 still allow...

CVSS 6.5 | AI score 5.8 | EPSS 0.00272
Exploits: 1 | References: 2