6 matches found
CVE-2026-14784 vxcontrol PentAGI Docker API client.go sandbox
A vulnerability was identified in vxcontrol PentAGI up to 2.1.0. This affects an unknown function of the file backend/pkg/docker/client.go of the component Docker API. The manipulation leads to sandbox issue. The attack may be initiated remotely. The pull request to fix this issue awaits acceptan...
CVE-2026-55603 http-proxy-middleware: multipart/form-data field injection via unescaped CRLF in `fixRequestBody`
http-proxy-middleware is node.js http-proxy middleware. From 3.0.4 until 3.0.7 and 4.1.1, fixRequestBody is the library's documented helper for re-emitting a request body that was already consumed by a body parser. When the outgoing Content-Type is multipart/form-data, it rebuilds the body with...
CVE-2026-55603
CVE-2026-55603 affects http-proxy-middleware (Node.js). In versions 3.0.4–3.0.7 and 4.1.1, fixRequestBody() rebuilds multipart/form-data by interpolating req.body into the wire format without neutralizing CR/LF. This can let an attacker inject a new multipart part (via unescaped CRLF in keys/valu...
Always-Incorrect Control Flow Implementation
Overview Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation in the fixRequestBody function. An attacker can cause writeBody to be called multiple times, leading to unexpected behavior. Remediation A fix was pushed into the master branch but not yet...
GHSA-9GQV-WP59-FQ42 http-proxy-middleware allows fixRequestBody to proceed even if bodyParser has failed
In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed...
SUSE-SU-2023:3469-1 Security update for haproxy
This update for haproxy fixes the following issues: - CVE-2023-40225: Fixed request smuggling with empty content-length header value bsc1214102...