7 matches found
CVE-2026-27585 Caddy's improper sanitization of glob characters in file matcher may lead to bypassing security protections
Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, the path sanitization routine in file matcher doesn't sanitize backslashes which can lead to bypassing path related security protections. It affects users with specific Caddy and environment configurations...
Glob 操作系统命令注入漏洞
Glob is a file matching software by isaacs individual developers. An operating system command injection vulnerability exists in Glob versions 10.3.7 through 11.0.3, which stems from command injection and could lead to arbitrary code execution...
CVE-2025-46565 Vite's server.fs.deny bypassed with /. for files under project root
Vite is a frontend tooling framework for javascript. Prior to versions 6.3.4, 6.2.7, 6.1.6, 5.4.19, and 4.5.14, the contents of files in the project root that are denied by a file matching pattern can be returned to the browser. Only apps explicitly exposing the Vite dev server to the network usi...
ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch?
A flaw was discovered in Ruby in the way certain functions handled strings containing NULL bytes. Specifically, the built-in methods File.fnmatch and its alias File.fnmatch? did not properly handle path patterns containing the NULL byte. A remote attacker could exploit this flaw to make a Ruby...
ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch?
A flaw was discovered in Ruby in the way certain functions handled strings containing NULL bytes. Specifically, the built-in methods File.fnmatch and its alias File.fnmatch? did not properly handle path patterns containing the NULL byte. A remote attacker could exploit this flaw to make a Ruby...
Code injection
In Apache httpd 2.4.0 to 2.4.29, the expression specified in could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the...
Fedora 24 : suricata (2017-f9f3a78148)
This is a new upstream feature and security release. Improvements include: bypass; pre-filter -- fast packet keywords; TLS improvements; ICS protocol additions: DNP3 CIP/ENIP; SHA1/SHA256 for file matching, logging & extraction; NIC offloading disabled by default; unix socket enabled by default;...