Lucene search
K

1170 matches found

RedHat Linux
RedHat Linux
added 5 days ago5 views

netty: io.netty/netty-handler-proxy: Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation

A flaw was found in Netty. The HttpProxyHandler component, which handles HTTP CONNECT requests, does not properly validate user-provided outbound headers. This allows an attacker to inject arbitrary HTTP headers into the CONNECT request sent to the proxy server. This could lead to unexpected...

7.5CVSS6.9AI score0.00952EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added last week7 views

nginx: NGINX: Arbitrary code execution or Denial of Service via heap-based buffer overflow with crafted HTTP/2 headers

A flaw was found in NGINX. When NGINX is configured to proxy HTTP/2 traffic using the ngxhttpproxyv2module or ngxhttpgrpcmodule with specific settings, a remote, unauthenticated attacker can send specially crafted large headers. This can trigger a heap-based buffer overflow, leading to a restart ...

9.2CVSS6.3AI score0.03459EPSS
Exploits1References5
OSV
OSV
added 2026/07/06 3:23 p.m.7 views

BIT-LIBPYTHON-2026-1502 HTTP client proxy tunnel headers not validated for CR/LF

CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host...

5.7CVSS5.7AI score0.00562EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.7 views

PT-2026-55460

Name of the Vulnerable Software and Affected Versions Contour versions prior to 1.33.5 Description An issue exists when an HTTPProxy is configured with both .spec.virtualhost.tls.enableFallbackCertificate: true and .spec.virtualhost.jwtProviders. In this scenario, the system fails to reject the...

6.5CVSS6AI score0.00023EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/29 9:0 a.m.7 views

CVE-2026-55603

A flaw was found in http-proxy-middleware. A remote attacker could exploit a vulnerability in the fixRequestBody function, which is used to re-emit a request body. By injecting carriage return and line feed characters \r\n into a request body key or value, an attacker can bypass security policies...

7.5CVSS5.8AI score0.00243EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/06/25 5:11 a.m.14 views

CVE-2026-55602

A flaw was found in http-proxy-middleware before 2.0.10, 3.0.6, and 4.1.0. Router proxy-table host+path matching uses unanchored substring comparison on the Host header, so a crafted Host value that superstring-matches a configured key can route requests to an unintended backend...

8.6CVSS5.8AI score0.0034EPSS
Exploits1References4
NVD
NVD
added 2026/06/22 9:16 p.m.13 views

CVE-2026-55603

http-proxy-middleware is node.js http-proxy middleware. From 3.0.4 until 3.0.7 and 4.1.1, fixRequestBody is the library's documented helper for re-emitting a request body that was already consumed by a body parser. When the outgoing Content-Type is multipart/form-data, it rebuilds the body with...

7.5CVSS0.00243EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 8:7 p.m.5 views

CVE-2026-55603

http-proxy-middleware is node.js http-proxy middleware. From 3.0.4 until 3.0.7 and 4.1.1, fixRequestBody is the library's documented helper for re-emitting a request body that was already consumed by a body parser. When the outgoing Content-Type is multipart/form-data, it rebuilds the body with...

7.5CVSS5.9AI score0.00243EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/06/22 8:7 p.m.27 views

CVE-2026-55603 http-proxy-middleware: multipart/form-data field injection via unescaped CRLF in `fixRequestBody`

http-proxy-middleware is node.js http-proxy middleware. From 3.0.4 until 3.0.7 and 4.1.1, fixRequestBody is the library's documented helper for re-emitting a request body that was already consumed by a body parser. When the outgoing Content-Type is multipart/form-data, it rebuilds the body with...

7.5CVSS0.00243EPSS
Exploits1References1
CVE
CVE
added 2026/06/22 8:7 p.m.45 views

CVE-2026-55603

CVE-2026-55603 affects http-proxy-middleware (Node.js). In versions 3.0.4–3.0.7 and 4.1.1, fixRequestBody() rebuilds multipart/form-data by interpolating req.body into the wire format without neutralizing CR/LF. This can let an attacker inject a new multipart part (via unescaped CRLF in keys/valu...

7.5CVSS5.9AI score0.00243EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2026/06/22 6:16 p.m.10 views

CVE-2026-55602

http-proxy-middleware is node.js http-proxy middleware. From 0.16.0 until 2.0.10, 3.0.6, and 4.1.0, http-proxy-middleware documents router proxy-table entries as host, path, or host+path selectors, but the host+path implementation uses unanchored substring matching on attacker-controlled request...

8.6CVSS0.0034EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 3:58 p.m.4 views

CVE-2026-55602

http-proxy-middleware is node.js http-proxy middleware. From 0.16.0 until 2.0.10, 3.0.6, and 4.1.0, http-proxy-middleware documents router proxy-table entries as host, path, or host+path selectors, but the host+path implementation uses unanchored substring matching on attacker-controlled request...

6.9CVSS5.9AI score0.0034EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/06/22 3:58 p.m.76 views

CVE-2026-55602

The CVE-2026-55602 issue affects http-proxy-middleware (Node.js) versions 0.16.0 through 2.0.10, 3.0.6, and 4.1.0. The host+path router uses unanchored substring matching on attacker-controlled request metadata, enabling a crafted Host header that is a superstring match for a configured key to ro...

8.6CVSS5.9AI score0.0034EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/06/22 3:58 p.m.33 views

CVE-2026-55602 http-proxy-middleware `router` host+path substring matching allows Host-header-driven backend routing bypass

http-proxy-middleware is node.js http-proxy middleware. From 0.16.0 until 2.0.10, 3.0.6, and 4.1.0, http-proxy-middleware documents router proxy-table entries as host, path, or host+path selectors, but the host+path implementation uses unanchored substring matching on attacker-controlled request...

6.9CVSS0.0034EPSS
Exploits1References1
Patchstack
Patchstack
added 2026/06/18 1:6 p.m.21 views

NPM: http-proxy-middleware: multipart/form-data field injection via unescaped CRLF in `fixRequestBody`

NPM: http-proxy-middleware: multipart/form-data field injection via unescaped CRLF in fixRequestBody vulnerability discovered by ? in WordPress Npm http-proxy-middleware versions = 3.0.4, 3.0.7...

7.5CVSS5.8AI score0.00243EPSS
Exploits1References2Affected Software1
Snyk
Snyk
added 2026/06/18 1:6 p.m.9 views

CRLF Injection

Overview Affected versions of this package are vulnerable to CRLF Injection via the fixRequestBody function. An attacker can inject or override multipart form fields, potentially bypassing gateway-side validation or access controls, by supplying crafted input containing carriage return and line...

7.5CVSS5.9AI score0.00243EPSS
Exploits1References2
Patchstack
Patchstack
added 2026/06/18 1:6 p.m.5 views

NPM: http-proxy-middleware `router` host+path substring matching allows Host-header-driven backend routing bypass

NPM: http-proxy-middleware router host+path substring matching allows Host-header-driven backend routing bypass vulnerability discovered by ? in WordPress Npm http-proxy-middleware versions = 0.16.0, 2.0.10...

8.6CVSS5.8AI score0.0034EPSS
Exploits1References2Affected Software1
Snyk
Snyk
added 2026/06/18 1:6 p.m.9 views

Partial String Comparison

Overview Affected versions of this package are vulnerable to Partial String Comparison via the router component. An attacker can route requests to unintended backend servers by sending crafted HTTP requests with manipulated Host headers. Remediation Upgrade http-proxy-middleware to version 2.0.10...

8.6CVSS5.9AI score0.0034EPSS
Exploits1References2
OSV
OSV
added 2026/06/18 1:6 p.m.5 views

GHSA-64MM-VXMG-Q3VJ http-proxy-middleware `router` host+path substring matching allows Host-header-driven backend routing bypass

Summary http-proxy-middleware documents router proxy-table entries as host, path, or host+path selectors, but the host+path implementation uses unanchored substring matching on attacker-controlled request metadata. As a result, a crafted Host header that is only a superstring match for a configur...

6.9CVSS5.6AI score0.0034EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/06/18 1:6 p.m.26 views

http-proxy-middleware `router` host+path substring matching allows Host-header-driven backend routing bypass

Summary http-proxy-middleware documents router proxy-table entries as host, path, or host+path selectors, but the host+path implementation uses unanchored substring matching on attacker-controlled request metadata. As a result, a crafted Host header that is only a superstring match for a configur...

8.6CVSS5.6AI score0.0034EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder