11 matches found
EUVD-2024-3478
Malicious code in bioql PyPI...
EUVD-2025-6821
Malicious code in bioql PyPI...
SUSE CVE-2024-12224
Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname...
CVE-2024-12224
Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname...
CVE-2025-0454
A Server-Side Request Forgery SSRF vulnerability was identified in the Requests utility of significant-gravitas/autogpt versions prior to v0.4.0. The vulnerability arises due to a hostname confusion between the urlparse function from the urllib.parse library and the requests library. A malicious...
CVE-2025-0454
A Server-Side Request Forgery SSRF vulnerability was identified in the Requests utility of significant-gravitas/autogpt versions prior to v0.4.0. The vulnerability arises due to a hostname confusion between the urlparse function from the urllib.parse library and the requests library. A malicious...
CVE-2025-0454 SSRF Check Bypass in Requests Utility in significant-gravitas/autogpt
A Server-Side Request Forgery SSRF vulnerability was identified in the Requests utility of significant-gravitas/autogpt versions prior to v0.4.0. The vulnerability arises due to a hostname confusion between the urlparse function from the urllib.parse library and the requests library. A malicious...
CVE-2025-0454 SSRF Check Bypass in Requests Utility in significant-gravitas/autogpt
A Server-Side Request Forgery SSRF vulnerability was identified in the Requests utility of significant-gravitas/autogpt versions prior to v0.4.0. The vulnerability arises due to a hostname confusion between the urlparse function from the urllib.parse library and the requests library. A malicious...
CVE-2025-0454
The CVE-2025-0454 entry corresponds to a Server-Side Request Forgery (SSRF) in significant-gravitas/autogpt prior to v0.4.0. The root cause is a hostname confusion between urllib.parse.urlparse and the requests library, allowing a crafted URL (for example, http://localhost:@google.com/../) to byp...
SSRF check bypass in Requests utility
Description The autogpt application relies on a wrapper around the requests library in order to avoid SSRF attacks performing a check on the provided URL. Such check is performed using the urlparse function from urllib.parse library, and the request is later performed using the requests library...
GHSA-4P35-CFCX-8653 Hostname confusion in parse-url
Exposure of Sensitive Information to an Unauthorized Actor via hostname confusion in GitHub repository ionicabizau/parse-url prior to 6.0.1...