9 matches found
Axios: CRLF Injection in multipart/form-data body via unsanitized blob.type in formDataToStream
Summary The FormDataPart constructor in lib/helpers/formDataToStream.js interpolates value.type directly into the Content-Type header of each multipart part without sanitizing CRLF \r\n sequences. An attacker who controls the .type property of a Blob/File-like object e.g., via a user-uploaded fil...
PT-2023-32176 · WordPress · Wp-Useronline
Name of the Vulnerable Software and Affected Versions: WP-UserOnline WordPress plugin versions prior to 2.88.3 Description: The issue allows unauthenticated users to perform Cross-Site Scripting attacks due to the lack of sanitization and escaping of the X-Forwarded-For header before its content ...
openSUSE Security Update : nodejs8 (openSUSE-2020-293)
This update for nodejs8 fixes the following issues : Security issues fixed : - CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS server via a crafted certificate string CVE-2019-15604, bsc1163104. - CVE-2019-15605: Fixed an HTTP request smuggling vulnerability via malformed...
OPENSUSE-SU-2020:0293-1 Security update for nodejs8
This update for nodejs8 fixes the following issues: Security issues fixed: - CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS server via a crafted certificate string CVE-2019-15604, bsc1163104. - CVE-2019-15605: Fixed an HTTP request smuggling vulnerability via malformed...
SUSE-SU-2020:0455-1 Security update for nodejs10
This update for nodejs10 fixes the following issues: nodejs10 was updated to version 10.19.0. Security issues fixed: - CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS server via a crafted certificate string CVE-2019-15604, bsc1163104. - CVE-2019-15605: Fixed an HTTP request...
SUSE-SU-2020:0454-1 Security update for nodejs8
This update for nodejs8 fixes the following issues: Security issues fixed: - CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS server via a crafted certificate string CVE-2019-15604, bsc1163104. - CVE-2019-15605: Fixed an HTTP request smuggling vulnerability via malformed...
SUSE-SU-2020:0427-1 Security update for nodejs10
This update for nodejs10 fixes the following issues: nodejs10 was updated to version 10.19.0. Security issues fixed: - CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS server via a crafted certificate string CVE-2019-15604, bsc1163104. - CVE-2019-15605: Fixed an HTTP request...
ruby: HTTP response splitting in WEBrick
It was found that WEBrick did not sanitize headers sent back to clients, resulting in a response-splitting vulnerability. An attacker, able to control the server's headers, could force WEBrick into injecting additional headers to a client...
ruby: HTTP response splitting in WEBrick
It was found that WEBrick did not sanitize headers sent back to clients, resulting in a response-splitting vulnerability. An attacker, able to control the server's headers, could force WEBrick into injecting additional headers to a client...