Lucene search
K

62 matches found

RedHat Linux
RedHat Linux
added 5 days ago5 views

fast-uri: fast-uri: URI authority bypass due to improper delimiter handling

A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by crafting a malicious Uniform Resource Identifier URI that contains percent-encoded authority delimiters. The fast-uri library incorrectly decodes these delimiters during normalization and then re-emits them as raw...

7.5CVSS6AI score0.00475EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 5 days ago4 views

fast-uri: fast-uri: Path traversal vulnerability allows bypass of security policies

A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by providing a specially crafted Uniform Resource Locator URL containing percent-encoded path separators and dot segments. Due to incorrect processing, fast-uri would decode these elements before proper normalization...

7.5CVSS7.2AI score0.00521EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/07/07 8:46 a.m.5 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.21.23 security and extras update

Red Hat OpenShift Container Platform release 4.21.23 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.21. Red Hat Product Security has rated this update as having a security impact of...

7.5CVSS6AI score0.00475EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/07/01 11:9 a.m.6 views

fast-uri: fast-uri: URI authority bypass due to improper delimiter handling

A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by crafting a malicious Uniform Resource Identifier URI that contains percent-encoded authority delimiters. The fast-uri library incorrectly decodes these delimiters during normalization and then re-emits them as raw...

7.5CVSS5.8AI score0.00475EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/06/30 1:49 a.m.7 views

SUSE CVE-2026-13676

fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...

7.2CVSS5.8AI score0.00274EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.14 views

Linux Distros Unpatched Vulnerability : CVE-2026-13676

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP- family URLs. The IDN conversion path calls a helper that do...

7.5CVSS6.1AI score0.00274EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/29 5:24 p.m.11 views

CVE-2026-13676

A flaw was found in fast-uri. This vulnerability occurs because fast-uri fails to properly convert Unicode Internationalized Domain Name - IDN hostnames for HTTP-family URLs. This can lead to a situation where security policies, such as denylists or redirect validations, are bypassed when...

7.5CVSS5.7AI score0.00274EPSS
Exploits0References5
Snyk
Snyk
added 2026/06/29 2:23 p.m.8 views

Interpretation Conflict

Overview fast-uri is a Dependency-free RFC 3986 URI toolbox Affected versions of this package are vulnerable to Interpretation Conflict in its parse, normalize, and equal functions, which call the nonexistent URL.domainToASCII static method and silently swallow the resulting TypeError into...

8.7CVSS5.8AI score0.00274EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/29 2:23 p.m.8 views

Interpretation Conflict

Overview org.webjars.npm:fast-uri is a Dependency-free RFC 3986 URI toolbox Affected versions of this package are vulnerable to Interpretation Conflict in its parse, normalize, and equal functions, which call the nonexistent URL.domainToASCII static method and silently swallow the resulting...

8.7CVSS5.8AI score0.00274EPSS
Exploits0References2
OSV
OSV
added 2026/06/29 2:16 p.m.13 views

DEBIAN-CVE-2026-13676

fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...

7.5CVSS5.8AI score0.00274EPSS
Exploits0References1
NVD
NVD
added 2026/06/29 2:16 p.m.11 views

CVE-2026-13676

fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...

7.5CVSS0.00274EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 2:16 p.m.4 views

UBUNTU-CVE-2026-13676

fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...

7.5CVSS5.8AI score0.00274EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/29 1:22 p.m.17 views

CVE-2026-13676

fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...

7.5CVSS5.8AI score0.00274EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/29 1:22 p.m.40 views

CVE-2026-13676 fast-uri vulnerable to host confusion via failed IDN canonicalization

fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...

7.5CVSS0.00274EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/29 1:22 p.m.14 views

CVE-2026-13676 fast-uri vulnerable to host confusion via failed IDN canonicalization

fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...

7.5CVSS5.8AI score0.00274EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/29 1:22 p.m.7 views

EUVD-2026-40093

fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...

7.5CVSS5.8AI score0.00274EPSS
Exploits0References2
OSV
OSV
added 2026/06/29 1:22 p.m.4 views

CVE-2026-13676 fast-uri vulnerable to host confusion via failed IDN canonicalization

fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...

7.5CVSS6AI score0.00274EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2026/06/29 1:22 p.m.7 views

CVE-2026-13676

fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...

7.5CVSS5.8AI score0.00274EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.8 views

PT-2026-53267

Name of the Vulnerable Software and Affected Versions fast-uri versions 2.3.1 through 3.1.2 fast-uri version 4.0.0 Description The software fails to canonicalize Unicode Internationalized Domain Names IDN for HTTP-family URLs. This occurs because the IDN conversion path utilizes a helper missing...

7.5CVSS5.8AI score0.00274EPSS
Exploits0References13
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/27 3:52 p.m.12 views

Security Bulletin: Vulnerabilities in axios, follow-redirects, fast-uri and babel might affect IBM Storage Defender Sentinel Anomaly Scan Engine.

Summary IBM Storage Defender Sentinel Anomaly Scan Engine can be affected by axios, follow-redirects, fast-uri and babel. Vulnerabilities include allowing an attacker to create Prototype Pollution in any third-party dependency to be escalated into Remote Code Execution, inject vulnerable code,...

9CVSS5.8AI score0.01815EPSS
Exploits5Affected Software1
Rows per page
Query Builder