37 matches found
undici vulnerable to cross-user information disclosure via shared cache whitespace bypass
Impact Undici's cache interceptor incorrectly classifies some responses as cacheable when the upstream Cache-Control header uses whitespace-padded qualified private or no-cache field names such as private=" authorization" or no-cache="\tauthorization". The parser preserves the surrounding...
CVE-2026-9678
Undici (node) vulnerability CVE-2026-9678: in shared-cache mode, the cache interceptor may misclassify responses as cacheable when Cache-Control uses whitespace-padded private/no-cache directives (e.g., private=" authorization" or no-cache="\tauthorization"). The whitespace is preserved by the pa...
CVE-2026-48587
A flaw was found in Django. Remote attackers can exploit this vulnerability due to django.utils.cache.hasvaryheader not properly stripping whitespace from Vary response header values. This allows an attacker to read cached responses by sending requests to URLs with whitespace-padded Vary header...
PYSEC-2026-198
An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6.django.utils.cache.hasvaryheader in Django does not strip leading or trailing whitespace from Vary response header values before comparison, which allows remote attackers to read cached responses via requests to URLs whose...
CVE-2026-48587
An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.utils.cache.hasvaryheader in Django does not strip leading or trailing whitespace from Vary response header values before comparison, which allows remote attackers to read cached responses via requests to URLs whose...
PYSEC-2026-198
An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.utils.cache.hasvaryheader in Django does not strip leading or trailing whitespace from Vary response header values before comparison, which allows remote attackers to read cached responses via requests to URLs whose...
Unity Linux 20.1070e Security Update: netty (UTSA-2026-017793)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017793 advisory. Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers such as a Transfer- Encoding : chunked line, which leads to HTTP request smuggling...
MiracleLinux 7 : rh-nodejs12-nodejs-12.16.1-1.el7 (AXSA:2020-4480:02)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-4480:02 advisory. nodejs: HTTP request smuggling using malformed Transfer-Encoding header CVE-2019-15605 nodejs: Remotely trigger an assertion on a TLS server with a...
Linux Distros Unpatched Vulnerability : CVE-2017-12165
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request...
Linux Distros Unpatched Vulnerability : CVE-2019-16869
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers such as a Transfer- Encoding : chunked line, which leads to HTTP request...
Linux Distros Unpatched Vulnerability : CVE-2019-15606
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons CVE-2019-15606 No...
OESA-2024-2103 netty3 security update
Netty is a NIO client server framework which enables quick and easy development of network applications such as protocol servers and clients. It greatly simplifies and streamlines network programming such as TCP and UDP socket server. Security Fixes: Netty before 4.1.42.Final mishandles whitespac...
netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers
A flaw was found in Netty, where whitespace before the colon in HTTP headers is mishandled. This flaw allows an attacker to cause HTTP request smuggling...
SUSE CVE-2005-0174
Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache or conduct certain attacks via headers that do not follow the HTTP specification, including 1 multiple Content-Length headers, 2 carriage return CR characters that are not part of a CRLF pair, and 3 header names containing...
SUSE CVE-2019-15606
Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons...
SUSE CVE-2019-18678
An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP requests through frontend software to a Squid instance that splits the HTTP Request pipeline differently. The resulting Response messages corrupt caches between a client and Squid with attacker-controlle...
netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers
A flaw was found in Netty, where whitespace before the colon in HTTP headers is mishandled. This flaw allows an attacker to cause HTTP request smuggling...
squid: HTTP Request Splitting issue in HTTP message processing
An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP requests through frontend software to a Squid instance that splits the HTTP Request pipeline differently. The resulting Response messages corrupt caches between a client and Squid with attacker-controlle...
netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers
A flaw was found in Netty, where whitespace before the colon in HTTP headers is mishandled. This flaw allows an attacker to cause HTTP request smuggling...
netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers
A flaw was found in Netty, where whitespace before the colon in HTTP headers is mishandled. This flaw allows an attacker to cause HTTP request smuggling...