2 matches found
GHSA-GCFQ-8GQF-4876 GoFiber Vulnerable to X-Real-IP Spoofing via Header.Add() in BalancerForward
Summary The BalancerForward proxy helper in GoFiber uses Header.Add instead of Header.Set when injecting the X-Real-IP header. This appends the real client IP as a second header value rather than replacing any attacker-supplied value. Upstream servers that read the first X-Real-IP header nginx,...
UBUNTU-CVE-2018-11099
The header::addINFOdescriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause information disclosure heap-based buffer over-read via a crafted vcf file...