Lucene search
K

18 matches found

RedhatCVE
RedhatCVE
added 2026/06/24 8:21 p.m.6 views

CVE-2026-54297

A flaw was found in Faraday, an HTTP client library. The Faraday::NestedParamsEncoder, which handles nested query parameters, does not limit the depth of nested query strings during decoding. A remote attacker can exploit this by sending a specially crafted query string, causing the application t...

7.5CVSS5.8AI score0.00391EPSS
Exploits1References4
NVD
NVD
added 2026/06/24 5:17 p.m.8 views

CVE-2026-54297

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. From 1.0.0 until 1.10.6 and 2.14.3, Faraday::NestedParamsEncoder, the default nested query parameter encoder/decoder in Faraday, decodes nested query strings without enforcing a maximum nestin...

7.5CVSS0.00391EPSS
Exploits1References4
OSV
OSV
added 2026/06/24 5:17 p.m.2 views

UBUNTU-CVE-2026-54297

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. From 1.0.0 until 1.10.6 and 2.14.3, Faraday::NestedParamsEncoder, the default nested query parameter encoder/decoder in Faraday, decodes nested query strings without enforcing a maximum nestin...

7.5CVSS5.9AI score0.00391EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2026/06/24 3:50 p.m.5 views

CVE-2026-54297

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. From 1.0.0 until 1.10.6 and 2.14.3, Faraday::NestedParamsEncoder, the default nested query parameter encoder/decoder in Faraday, decodes nested query strings without enforcing a maximum nestin...

7.5CVSS5.9AI score0.00391EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.9 views

CVE-2026-33637

A flaw was found in Faraday, an HTTP client library. This vulnerability allows a remote attacker to perform off-host request forgery by exploiting a protocol-relative host override when a request target is passed as a URI object. This can redirect a request from a fixed-base Faraday connection to...

6.5CVSS5.9AI score0.00272EPSS
Exploits1References5
OSV
OSV
added 2026/05/19 7:16 p.m.7 views

DEBIAN-CVE-2026-33637

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Versions 2.0.0 through 2.14.1 still allow protocol-relative host override when the request target is passed as a URI object rather than a String to Faraday::Connectionbuildexclusiveurl. This...

6.5CVSS5.7AI score0.00272EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2026/05/19 7:16 p.m.8 views

CVE-2026-33637

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Versions 2.0.0 through 2.14.1 still allow protocol-relative host override when the request target is passed as a URI object rather than a String to Faraday::Connectionbuildexclusiveurl. This...

6.5CVSS5.7AI score0.00272EPSS
Exploits1References3
OSV
OSV
added 2026/05/19 7:16 p.m.6 views

UBUNTU-CVE-2026-33637

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Versions 2.0.0 through 2.14.1 still allow protocol-relative host override when the request target is passed as a URI object rather than a String to Faraday::Connectionbuildexclusiveurl. This...

6.5CVSS5.7AI score0.00272EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2026/05/19 5:44 p.m.10 views

CVE-2026-33637

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Versions 2.0.0 through 2.14.1 still allow protocol-relative host override when the request target is passed as a URI object rather than a String to Faraday::Connectionbuildexclusiveurl. This...

6.5CVSS5.7AI score0.00272EPSS
Exploits1
EUVD
EUVD
added 2026/05/19 5:44 p.m.15 views

EUVD-2026-30966

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Versions 2.0.0 through 2.14.1 still allow protocol-relative host override when the request target is passed as a URI object rather than a String to Faraday::Connectionbuildexclusiveurl. This...

5.7AI score0.00272EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/18 2:51 p.m.9 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through the buildexclusiveurl function. An attacker can redirect requests to an attacker-controlled host while preserving sensitive connection-scoped headers such as Authorization by supplying a...

6.9CVSS5.8AI score0.00351EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/02/10 3:9 a.m.8 views

CVE-2026-25765

A flaw was found in Faraday, an HTTP client library. The buildexclusiveurl method, which combines a base URL with a user-supplied path, incorrectly processes protocol-relative URLs e.g., //evil.com/path. This allows a remote attacker to supply a specially crafted URL, leading to Server-Side Reque...

5.8CVSS5.4AI score0.00351EPSS
Exploits0References6
NVD
NVD
added 2026/02/09 9:15 p.m.8 views

CVE-2026-25765

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Prior to 2.14.1, Faraday's buildexclusiveurl method in lib/faraday/connection.rb uses Ruby's URImerge to combine the connection's base URL with a user-supplied path. Per RFC 3986,...

5.8CVSS0.00351EPSS
Exploits0References3
OSV
OSV
added 2026/02/09 9:15 p.m.3 views

DEBIAN-CVE-2026-25765

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Prior to 2.14.1, Faraday's buildexclusiveurl method in lib/faraday/connection.rb uses Ruby's URImerge to combine the connection's base URL with a user-supplied path. Per RFC 3986,...

5.8CVSS5.6AI score0.00351EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/09 8:30 p.m.5 views

CVE-2026-25765

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Prior to 2.14.1, Faraday's buildexclusiveurl method in lib/faraday/connection.rb uses Ruby's URImerge to combine the connection's base URL with a user-supplied path. Per RFC 3986,...

5.8CVSS5.8AI score0.00351EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/02/09 8:30 p.m.32 views

CVE-2026-25765 Faraday affected by SSRF via protocol-relative URL host override in build_exclusive_url

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Prior to 2.14.1, Faraday's buildexclusiveurl method in lib/faraday/connection.rb uses Ruby's URImerge to combine the connection's base URL with a user-supplied path. Per RFC 3986,...

5.8CVSS0.00351EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/02/09 8:30 p.m.5 views

CVE-2026-25765

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Prior to 2.14.1, Faraday's buildexclusiveurl method in lib/faraday/connection.rb uses Ruby's URImerge to combine the connection's base URL with a user-supplied path. Per RFC 3986,...

5.8CVSS5.6AI score0.00351EPSS
Exploits0
CNNVD
CNNVD
added 2026/02/09 12:0 a.m.5 views

faraday 代码问题漏洞

Faraday is an open-source HTTP client library developed by Lostisland. Versions of Faraday prior to 2.14.1 contained code vulnerabilities. These vulnerabilities stemmed from the use of the Ruby URImerge method to handle user input, which could lead to server-side request forgeing attacks...

5.8CVSS5.9AI score0.00351EPSS
Exploits0References3
Rows per page
Query Builder