4172 matches found

Debian CVE
added 2024/02/20 1:21 p.m. · 26 views

CVE-2024-1554

The fetch API and navigation incorrectly shared the same cache, as the cache key did not include the optional headers fetch may contain. Under the correct circumstances, an attacker may have been able to poison the local browser cache by priming it with a fetch response controlled by the addition...

CVSS 9.8 · AI score 9.2 · EPSS 0.00229
Exploits: 1

Vulnrichment
added 2024/02/20 1:21 p.m. · 16 views

CVE-2024-1554

The fetch API and navigation incorrectly shared the same cache, as the cache key did not include the optional headers fetch may contain. Under the correct circumstances, an attacker may have been able to poison the local browser cache by priming it with a fetch response controlled by the addition...

AI score 5.9 · EPSS 0.00229
Exploits: 1 · References: 2

CVE
added 2024/02/20 1:21 p.m. · 4477 views

CVE-2024-1554

The CVE-2024-1554 issue affects Mozilla Firefox (and related builds) where the fetch() API and navigation shared the same cache because the cache key did not include optional request headers. Under certain conditions an attacker could prime the browser cache with a fetch() response controlled by ...

CVSS 9.8 · AI score 5.5 · EPSS 0.00229
Exploits: 1 · References: 2 · Affected software: 1

RedHat Linux
added 2024/02/20 12:32 p.m. · 2 views

oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c

An out-of-bounds read vulnerability was found in Oniguruma in the way it handled regular expression quantifiers. A remote attacker could abuse this flaw by providing a malformed regular expression that, when processed by an application linked to Oniguruma, could possibly crash the application,...

CVSS 7.5 · AI score 7.4 · EPSS 0.08946
Exploits: 1 · References: 4

CNNVD
added 2024/02/20 12:00 a.m. · 2 views

Mozilla Firefox Security Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability previously existed in Mozilla Firefox version 123, which stemmed from the fetch API and navigation incorrectly sharing the same cache...

CVSS 9.8 · AI score 8.8 · EPSS 0.00229
Exploits: 1 · References: 4

wpexploit
added 2024/02/20 12:00 a.m. · 119 views

Fancy Product Designer < 6.1.5 - Admin+ SQL Injection

Description: The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by administrators. - Log in as an administrator, and visit /wp-admin/. - Add a Catalog Product in /wp-admin/admin.php?page=fancyproductdesigner - Sear...

AI score 7.4 · EPSS 0.00322
Exploits: 2

Mozilla
added 2024/02/20 12:00 a.m. · 106 views

Security Vulnerabilities fixed in Firefox 123 — Mozilla

When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website with the victim...

CVSS 9.8 · AI score 8.1 · EPSS 0.0073
Exploits: 2 · References: 12 · Affected software: 1

GithubExploit
added 2024/02/19 10:27 a.m. · 334 views

Exploit for Improper Access Control in Joomla Joomla!

Joomla! options Arguments - url: Root URL base...

CVSS 5.3 · AI score 5.9 · EPSS 0.94522
Exploits: 42

Veracode
added 2024/02/19 6:11 a.m. · 14 views

Denial Of Service (DoS)

Undici is vulnerable to Denial of Service (DoS). The vulnerability is caused by calling fetchURL and not consuming the incoming body or consuming it very slowly. This potentially leads to Denial of Service (DoS) attacks...

CVSS 6.5 · AI score 6.7 · EPSS 0.00351
Exploits: 0 · References: 5 · Affected software: 1

Hacker One
added 2024/02/18 12:17 p.m. · 27 views

Node.js: fetch with integrity option is too lax when algorithm is specified but hash value is incorrect

The vulnerability in the undici library in Node.js was that the parseHashWithOptions function did not properly handle base64url encoded hashes and invalid hashes. This allowed resources to be loaded without the expected Subresource Integrity (SRI) checks being performed...

CVSS 3.5 · AI score 4.3 · EPSS 0.00066
Exploits: 1

RedhatCVE
added 2024/02/18 11:49 a.m. · 22 views

CVE-2024-24750

An uncontrolled resource consumption flaw was found in undici. Calling fetch(url) and not consuming the incoming body or consuming it very slowly leads to a memory leak...

CVSS 6.5 · AI score 6.4 · EPSS 0.00351
Exploits: 0 · References: 4

OSV
added 2024/02/16 10:15 p.m. · 0 views

UBUNTU-CVE-2024-24750

Undici is an HTTP/1.1 client, written from scratch for Node.js. In affected versions calling fetch(url) and not consuming the incoming body or consuming it very slowly will lead to a memory leak. This issue has been addressed in version 6.6.1. Users are advised to upgrade. Users unable to upgrade...

CVSS 6.5 · AI score 5.7 · EPSS 0.00351
Exploits: 0 · References: 5

Vulnrichment
added 2024/02/16 9:42 p.m. · 24 views

CVE-2024-24750 Backpressure request ignored in fetch() in Undici

Undici is an HTTP/1.1 client, written from scratch for Node.js. In affected versions calling fetch(url) and not consuming the incoming body or consuming it very slowly will lead to a memory leak. This issue has been addressed in version 6.6.1. Users are advised to upgrade. Users unable to upgrade...

CVSS 6.5 · AI score 6.7 · EPSS 0.00351
Exploits: 0 · References: 3

Rapid7 Blog
added 2024/02/16 8:34 p.m. · 26 views

Metasploit Weekly Wrap-Up 02/16/2024

New Fetch Payload: It has been almost a year since Metasploit released the new fetch payloads and since then, 43 of the 79 exploit modules have had support for fetch payloads. The original payloads supported transferring the second stage over HTTP, HTTPS and FTP. This week, Metasploit has expanded...

AI score 7.3
Exploits: 0

Github Security Blog
added 2024/02/16 4:02 p.m. · 132 views

Undici proxy-authorization header not cleared on cross-origin redirect in fetch

Impact: Undici already cleared Authorization headers on cross-origin redirects, but did not clear Proxy-Authorization headers. Patches: This is patched in v5.28.3 and v6.6.1. Workarounds: There are no known workarounds. References: - https://fetch.spec.whatwg.org/authentication-entries -...

CVSS 4.5 · AI score 7.1 · EPSS 0.00278
Exploits: 0 · References: 9 · Affected software: 1

OSV
added 2024/02/16 4:02 p.m. · 0 views

GHSA-3787-6PRV-H9W3 Undici proxy-authorization header not cleared on cross-origin redirect in fetch

Impact: Undici already cleared Authorization headers on cross-origin redirects, but did not clear Proxy-Authorization headers. Patches: This is patched in v5.28.3 and v6.6.1. Workarounds: There are no known workarounds. References: - https://fetch.spec.whatwg.org/authentication-entries -...

CVSS 3.9 · AI score 6.8 · EPSS 0.00278
Exploits: 0 · References: 9

OSV
added 2024/02/16 3:59 p.m. · 0 views

GHSA-9F24-JQHM-JFCW fetch(url) leads to a memory leak in undici

Impact: Calling fetch(url) and not consuming the incoming body or consuming it very slowly will lead to a memory leak. Patches: Patched in v6.6.1. Workarounds: Make sure to always consume the incoming body...

CVSS 6.5 · AI score 5.9 · EPSS 0.00351
Exploits: 0 · References: 6

Github Security Blog
added 2024/02/16 3:59 p.m. · 123 views

fetch(url) leads to a memory leak in undici

Impact: Calling fetch(url) and not consuming the incoming body or consuming it very slowly will lead to a memory leak. Patches: Patched in v6.6.1. Workarounds: Make sure to always consume the incoming body...

CVSS 6.5 · AI score 7 · EPSS 0.00351
Exploits: 0 · References: 6 · Affected software: 1

CNNVD
added 2024/02/16 12:00 a.m. · 2 views

undici Resource Management Error Vulnerability

undici is an HTTP/1.1 client. A resource management error vulnerability exists in undici versions 6.0.0 through 6.6.0, which stems from a memory leak vulnerability in the fetch function...

CVSS 6.5 · AI score 6.6 · EPSS 0.00351
Exploits: 0 · References: 4

Positive Technologies
added 2024/02/16 12:00 a.m. · 5 views

PT-2024-2631 · Node.Js +8

Name of the Vulnerable Software and Affected Versions: Node.js (affected versions not specified). Description: A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack through resource exhaustion when using the fetch function to retrieve content from an untrusted...

CVSS 9.8 · AI score 6.6 · EPSS 0.75933
Exploits: 5 · References: 174