15 matches found
CVE-2026-8711
NGINX JavaScript has a vulnerability when the jsfetchproxy directive is configured with at least one client-controlled NGINX variable for example, $http, $arg, $cookie and a location invoking the ngx.fetch operation from NGINX JavaScript. An unauthenticated attacker can exploit this vulnerability...
DEBIAN-CVE-2026-8711
NGINX JavaScript has a vulnerability when the jsfetchproxy directive is configured with at least one client-controlled NGINX variable for example, $http, $arg, $cookie and a location invoking the ngx.fetch operation from NGINX JavaScript. An unauthenticated attacker can exploit this vulnerability...
CVE-2026-8711
NGINX JavaScript has a vulnerability when the jsfetchproxy directive is configured with at least one client-controlled NGINX variable for example, $http, $arg, $cookie and a location invoking the ngx.fetch operation from NGINX JavaScript. An unauthenticated attacker can exploit this vulnerability...
ALPINE-CVE-2026-8711
NGINX JavaScript has a vulnerability when the jsfetchproxy directive is configured with at least one client-controlled NGINX variable for example, $http, $arg, $cookie and a location invoking the ngx.fetch operation from NGINX JavaScript. An unauthenticated attacker can exploit this vulnerability...
CVE-2026-8711
NGINX JavaScript has a vulnerability when the jsfetchproxy directive is configured with at least one client-controlled NGINX variable for example, $http, $arg, $cookie and a location invoking the ngx.fetch operation from NGINX JavaScript. An unauthenticated attacker can exploit this vulnerability...
UBUNTU-CVE-2026-8711
NGINX JavaScript has a vulnerability when the jsfetchproxy directive is configured with at least one client-controlled NGINX variable for example, $http, $arg, $cookie and a location invoking the ngx.fetch operation from NGINX JavaScript. An unauthenticated attacker can exploit this vulnerability...
CVE-2026-8711
Summary (CVE-2026-8711): NGINX JavaScript (njs) is vulnerable when the js_fetch_proxy directive uses at least one client-controlled variable (e.g., $http_, $arg_ , $cookie_*) and a location invokes ngx.fetch(). An unauthenticated remote attacker can send crafted HTTP requests that may trigger a h...
CVE-2026-8711
NGINX JavaScript has a vulnerability when the jsfetchproxy directive is configured with at least one client-controlled NGINX variable for example, $http, $arg, $cookie and a location invoking the ngx.fetch operation from NGINX JavaScript. An unauthenticated attacker can exploit this vulnerability...
CVE-2026-8711
NGINX JavaScript has a vulnerability when the jsfetchproxy directive is configured with at least one client-controlled NGINX variable for example, $http, $arg, $cookie and a location invoking the ngx.fetch operation from NGINX JavaScript. An unauthenticated attacker can exploit this vulnerability...
CVE-2026-8711 NGINX JavaScript vulnerability
NGINX JavaScript has a vulnerability when the jsfetchproxy directive is configured with at least one client-controlled NGINX variable for example, $http, $arg, $cookie and a location invoking the ngx.fetch operation from NGINX JavaScript. An unauthenticated attacker can exploit this vulnerability...
CVE-2026-8711
NGINX JavaScript has a vulnerability when the jsfetchproxy directive is configured with at least one client-controlled NGINX variable for example, $http, $arg, $cookie and a location invoking the ngx.fetch operation from NGINX JavaScript. An unauthenticated attacker can exploit this vulnerability...
CVE-2026-8711 NGINX JavaScript vulnerability
NGINX JavaScript has a vulnerability when the jsfetchproxy directive is configured with at least one client-controlled NGINX variable for example, $http, $arg, $cookie and a location invoking the ngx.fetch operation from NGINX JavaScript. An unauthenticated attacker can exploit this vulnerability...
PT-2026-41939
Name of the Vulnerable Software and Affected Versions NGINX JavaScript affected versions not specified Description An issue exists when the 'js fetch proxy' directive is configured with at least one client-controlled NGINX variable, such as $http , $arg , or $cookie , and a location invokes the...
MAL-2025-3910 Malicious code in nodejs-fetch-proxy (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 80749ffba9365d62c589ea0137cde9db701626ae4ba97fc9f9149b61809ac107 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in nodejs-fetch-proxy (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 80749ffba9365d62c589ea0137cde9db701626ae4ba97fc9f9149b61809ac107 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...