Lucene search
K

16601 matches found

Github Security Blog
Github Security Blog
added 2024/09/23 8:30 p.m.36 views

lobe-chat implemented an insufficient fix for GHSA-mxhq-xw3g-rphc (CVE-2024-32964)

Summary SSRF protection implemented in https://github.com/lobehub/lobe-chat/blob/main/src/app/api/proxy/route.ts does not consider redirect and could be bypassed when attacker provides external malicious url which redirects to internal resources like private network or loopback address. PoC 1. Ru...

9CVSS6.6AI score0.10996EPSS
Exploits4References6Affected Software1
GithubExploit
GithubExploit
added 2024/09/23 4:11 p.m.74 views

Exploit for CVE-2024-7954

RCECVE-2024-7954 Description: The porteplume plugin used by...

9.8CVSS9.8AI score0.89783EPSS
Exploits10
RedhatCVE
RedhatCVE
added 2024/09/23 5:10 a.m.16 views

CVE-2024-47220

A flaw was found in the webrick toolkit. This issue occurs because the server incorrectly handles requests with both Content-Length and Transfer-Encoding headers. This can allow an attacker to sneak in an extra request such as GET /admin after the normal request POST /user. As a result,...

7.5CVSS6.5AI score0.00393EPSS
Exploits0References5
Redos
Redos
added 2024/09/23 12:0 a.m.14 views

ROS-20240923-04

A vulnerability in the Node.js software platform is related to flaws in HTTP request processing. Exploitation vulnerability could allow an attacker acting remotely to send a covert HTTP request HTTP Request Smuggling attack. HTTP Request Smuggling...

6.5CVSS7AI score0.01155EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2024/09/22 3:30 a.m.60 views

HTTP Request Smuggling in ruby webrick

An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webric...

6.8AI score0.00393EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2024/09/22 3:30 a.m.13 views

GHSA-6F62-3596-G6W7 HTTP Request Smuggling in ruby webrick

An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webric...

7.5CVSS7.4AI score0.00393EPSS
Exploits0References8
NVD
NVD
added 2024/09/22 1:15 a.m.18 views

CVE-2024-47220

An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webric...

0.00393EPSS
Exploits0References4
OSV
OSV
added 2024/09/22 1:15 a.m.17 views

CVE-2024-47220

An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webric...

6.9AI score
Exploits0References4
OSV
OSV
added 2024/09/22 1:15 a.m.3 views

DEBIAN-CVE-2024-47220

An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webric...

6.5AI score0.00393EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/09/22 12:0 a.m.22 views

CVE-2024-47220

An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webric...

0.00393EPSS
Exploits0References4
CVE
CVE
added 2024/09/22 12:0 a.m.371 views

CVE-2024-47220

The CVE-2024-47220 issue affects the WEBrick toolkit in Ruby (through 1.8.1). It enables HTTP request smuggling by sending both Content-Length and Transfer-Encoding in the same request, e.g., a crafted GET line embedded in a POST request. The advisory notes WEBrick should not be used in productio...

7.2AI score0.00393EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/09/22 12:0 a.m.14 views

CVE-2024-47220

An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webric...

6.9AI score0.00393EPSS
Exploits0References4
RubySec
RubySec
added 2024/09/22 12:0 a.m.13 views

HTTP Request Smuggling in ruby webrick

An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier''s position is "Webri...

6.7AI score0.00393EPSS
Exploits0References1Affected Software1
Debian CVE
Debian CVE
added 2024/09/22 12:0 a.m.13 views

CVE-2024-47220

An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webric...

6.5AI score0.00393EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/09/21 12:0 a.m.5 views

PT-2024-32484 · Ruby +4 · Webrick +4

Name of the Vulnerable Software and Affected Versions: WEBrick toolkit versions through 1.8.1 Description: An issue was discovered in the WEBrick toolkit for Ruby, allowing HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header. This can be achieved, for...

8.7CVSS6.7AI score0.01429EPSS
Exploits0References72
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/20 9:20 p.m.31 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in urllib3-1.26.18-py2.py3-none-any.whl

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of urllib3-1.26.18-py2.py3-none-any.whl Vulnerability Details CVEID:CVE-2024-37891 DESCRIPTION: urllib3 could allow a remote authenticated attacker to obtain sensitive information, caused by the failure to strip...

6.5CVSS4.9AI score0.01141EPSS
Exploits1Affected Software1
AlpineLinux
AlpineLinux
added 2024/09/19 10:51 p.m.14 views

CVE-2024-45410

Traefik is a golang, Cloud Native Application Proxy. When a HTTP request is processed by Traefik, certain HTTP headers such as X-Forwarded-Host or X-Forwarded-Port are added by Traefik before the request is routed to the application. For a HTTP client, it should not be possible to remove or modif...

9.8CVSS8.6AI score0.01513EPSS
Exploits0
NVD
NVD
added 2024/09/19 5:15 p.m.17 views

CVE-2024-8651

A vulnerability in NetCat CMS allows an attacker to send a specially crafted http request that can be used to check whether a user exists in the system, which could be a basis for further attacks. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others. Apply patch from vendor...

6.9CVSS0.00427EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/09/19 4:30 p.m.28 views

CVE-2024-8651 Netcat CMS: user enumeration

A vulnerability in NetCat CMS allows an attacker to send a specially crafted http request that can be used to check whether a user exists in the system, which could be a basis for further attacks. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others. Apply patch from vendor...

6.9CVSS7.1AI score0.00427EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/09/19 4:30 p.m.24 views

CVE-2024-8651 Netcat CMS: user enumeration

A vulnerability in NetCat CMS allows an attacker to send a specially crafted http request that can be used to check whether a user exists in the system, which could be a basis for further attacks. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others. Apply patch from vendor...

6.9CVSS0.00427EPSS
Exploits0References1
Rows per page
Query Builder