138 matches found
CVE-2026-25765 affecting package rubygem-faraday for versions less than 2.7.10-2
CVE-2026-25765 affecting package rubygem-faraday for versions less than 2.7.10-2. A patched version of the package is available...
Important Photon OS Security Update - PHSA-2026-5.0-0762
Updates of 'rubygem-faraday', 'postgresql15', 'postgresql14' packages of Photon OS have been released...
SUSE CVE-2026-25765
Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Prior to 2.14.1, Faraday's buildexclusiveurl method in lib/faraday/connection.rb uses Ruby's URImerge to combine the connection's base URL with a user-supplied path. Per RFC 3986,...
CVE-2026-25765
A flaw was found in Faraday, an HTTP client library. The buildexclusiveurl method, which combines a base URL with a user-supplied path, incorrectly processes protocol-relative URLs e.g., //evil.com/path. This allows a remote attacker to supply a specially crafted URL, leading to Server-Side Reque...
Linux Distros Unpatched Vulnerability : CVE-2026-25765
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Prior to 2.14.1, Faraday's buildexclusiveurl method in...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the buildexclusiveurl function in the connection.rb file. An attacker can cause requests to be sent to arbitrary hosts by supplying a protocol-relative URL as input. Workaround This vulnerability ca...
DEBIAN-CVE-2026-25765
Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Prior to 2.14.1, Faraday's buildexclusiveurl method in lib/faraday/connection.rb uses Ruby's URImerge to combine the connection's base URL with a user-supplied path. Per RFC 3986,...
AZL-77639 CVE-2026-25765 affecting package rubygem-faraday 2.5.2-1
Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Prior to 2.14.1, Faraday's buildexclusiveurl method in lib/faraday/connection.rb uses Ruby's URImerge to combine the connection's base URL with a user-supplied path. Per RFC 3986,...
AZL-77631 CVE-2026-25765 affecting package rubygem-faraday 2.7.10-1
Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Prior to 2.14.1, Faraday's buildexclusiveurl method in lib/faraday/connection.rb uses Ruby's URImerge to combine the connection's base URL with a user-supplied path. Per RFC 3986,...
CVE-2026-25765
Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Prior to 2.14.1, Faraday's buildexclusiveurl method in lib/faraday/connection.rb uses Ruby's URImerge to combine the connection's base URL with a user-supplied path. Per RFC 3986,...
CVE-2026-25765
Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Prior to 2.14.1, Faraday's buildexclusiveurl method in lib/faraday/connection.rb uses Ruby's URImerge to combine the connection's base URL with a user-supplied path. Per RFC 3986,...
Faraday affected by SSRF via protocol-relative URL host override in build_exclusive_url
Impact Faraday's buildexclusiveurl method in lib/faraday/connection.rb uses Ruby's URImerge to combine the connection's base URL with a user-supplied path. Per RFC 3986, protocol-relative URLs e.g. //evil.com/path are treated as network-path references that override the base URL's host/authority...
GHSA-33MH-2634-FWR2 Faraday affected by SSRF via protocol-relative URL host override in build_exclusive_url
Impact Faraday's buildexclusiveurl method in lib/faraday/connection.rb uses Ruby's URImerge to combine the connection's base URL with a user-supplied path. Per RFC 3986, protocol-relative URLs e.g. //evil.com/path are treated as network-path references that override the base URL's host/authority...
CVE-2026-25765 Faraday affected by SSRF via protocol-relative URL host override in build_exclusive_url
Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Prior to 2.14.1, Faraday's buildexclusiveurl method in lib/faraday/connection.rb uses Ruby's URImerge to combine the connection's base URL with a user-supplied path. Per RFC 3986,...
CVE-2026-25765 Faraday affected by SSRF via protocol-relative URL host override in build_exclusive_url
Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Prior to 2.14.1, Faraday's buildexclusiveurl method in lib/faraday/connection.rb uses Ruby's URImerge to combine the connection's base URL with a user-supplied path. Per RFC 3986,...
CVE-2026-25765
Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Prior to 2.14.1, Faraday's buildexclusiveurl method in lib/faraday/connection.rb uses Ruby's URImerge to combine the connection's base URL with a user-supplied path. Per RFC 3986,...
CVE-2026-25765 Faraday affected by SSRF via protocol-relative URL host override in build_exclusive_url
Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Prior to 2.14.1, Faraday's buildexclusiveurl method in lib/faraday/connection.rb uses Ruby's URImerge to combine the connection's base URL with a user-supplied path. Per RFC 3986,...
CVE-2026-25765
CVE-2026-25765 affects Faraday (an HTTP client abstraction). The vulnerability arises in build_exclusive_url (lib/faraday/connection.rb) which uses URI#merge; protocol-relative URLs (e.g., //evil.com/…) override the base URL’s host, enabling potential SSRF if user-controlled input is passed to ge...
CVE-2026-25765
Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Prior to 2.14.1, Faraday's buildexclusiveurl method in lib/faraday/connection.rb uses Ruby's URImerge to combine the connection's base URL with a user-supplied path. Per RFC 3986,...
faraday 代码问题漏洞
Faraday is an open-source HTTP client library developed by Lostisland. Versions of Faraday prior to 2.14.1 contained code vulnerabilities. These vulnerabilities stemmed from the use of the Ruby URImerge method to handle user input, which could lead to server-side request forgeing attacks...