9 matches found

GitHub Security Blog
added 2026/05/05 12:40 a.m. · 11 views

Axios: CRLF Injection in multipart/form-data body via unsanitized blob.type in formDataToStream

Summary: The FormDataPart constructor in lib/helpers/formDataToStream.js interpolates value.type directly into the Content-Type header of each multipart part without sanitizing CRLF (\r\n) sequences. An attacker who controls the .type property of a Blob/File-like object e.g., via a user-uploaded fil...

CVSS 5.3 · AI score 6 · EPSS 0.0024
Exploits 1 · References 3 · Affected Software 1

Positive Technologies
added 2023/11/27 12:0 a.m. · 5 views

PT-2023-32176 · WordPress · Wp-Useronline

Name of the Vulnerable Software and Affected Versions: WP-UserOnline WordPress plugin versions prior to 2.88.3 Description: The issue allows unauthenticated users to perform Cross-Site Scripting attacks due to the lack of sanitization and escaping of the X-Forwarded-For header before its content ...

CVSS 6.1 · AI score 6.1 · EPSS 0.0051
Exploits 2 · References 3

Tenable Nessus
added 2020/03/06 12:0 a.m. · 38 views

openSUSE Security Update : nodejs8 (openSUSE-2020-293)

This update for nodejs8 fixes the following issues : Security issues fixed : - CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS server via a crafted certificate string CVE-2019-15604, bsc1163104. - CVE-2019-15605: Fixed an HTTP request smuggling vulnerability via malformed...

CVSS 9.8 · AI score 7.3 · EPSS 0.57132
Exploits 2 · References 6

OSV
added 2020/03/03 5:13 p.m. · 5 views

OPENSUSE-SU-2020:0293-1 Security update for nodejs8

This update for nodejs8 fixes the following issues: Security issues fixed: - CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS server via a crafted certificate string CVE-2019-15604, bsc1163104. - CVE-2019-15605: Fixed an HTTP request smuggling vulnerability via malformed...

CVSS 9.8 · AI score 8.6 · EPSS 0.57132
Exploits 2 · References 7

OSV
added 2020/02/25 9:56 a.m. · 8 views

SUSE-SU-2020:0455-1 Security update for nodejs10

This update for nodejs10 fixes the following issues: nodejs10 was updated to version 10.19.0. Security issues fixed: - CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS server via a crafted certificate string CVE-2019-15604, bsc1163104. - CVE-2019-15605: Fixed an HTTP request...

CVSS 9.8 · AI score 8.4 · EPSS 0.57132
Exploits 2 · References 7

OSV
added 2020/02/25 9:55 a.m. · 8 views

SUSE-SU-2020:0454-1 Security update for nodejs8

This update for nodejs8 fixes the following issues: Security issues fixed: - CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS server via a crafted certificate string CVE-2019-15604, bsc1163104. - CVE-2019-15605: Fixed an HTTP request smuggling vulnerability via malformed...

CVSS 9.8 · AI score 8.4 · EPSS 0.57132
Exploits 2 · References 7

OSV
added 2020/02/20 10:5 a.m. · 8 views

SUSE-SU-2020:0427-1 Security update for nodejs10

This update for nodejs10 fixes the following issues: nodejs10 was updated to version 10.19.0. Security issues fixed: - CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS server via a crafted certificate string CVE-2019-15604, bsc1163104. - CVE-2019-15605: Fixed an HTTP request...

CVSS 9.8 · AI score 8.4 · EPSS 0.57132
Exploits 2 · References 7

RedHat Linux
added 2018/11/29 10:10 a.m. · 5 views

ruby: HTTP response splitting in WEBrick

It was found that WEBrick did not sanitize headers sent back to clients, resulting in a response-splitting vulnerability. An attacker, able to control the server's headers, could force WEBrick into injecting additional headers to a client...

CVSS 5.3 · AI score 7.2 · EPSS 0.0576
Exploits 0 · References 5

RedHat Linux
added 2018/11/29 9:56 a.m. · 6 views

ruby: HTTP response splitting in WEBrick

It was found that WEBrick did not sanitize headers sent back to clients, resulting in a response-splitting vulnerability. An attacker, able to control the server's headers, could force WEBrick into injecting additional headers to a client...

CVSS 5.3 · AI score 7.2 · EPSS 0.0576
Exploits 0 · References 5