Tornado has a CRLF injection in CurlAsyncHTTPClient headers

Summary Tornado’s curlhttpclient.CurlAsyncHTTPClient class is vulnerable to CRLF carriage return/line feed injection in the request headers. Details When an HTTP request is sent using CurlAsyncHTTPClient, Tornado does not reject carriage return \r or line feed \n characters in the request headers...

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in tornado

Summary When Tornado receives a request with two Transfer-Encoding: chunked headers, it ignores them both. This enables request smuggling when Tornado is deployed behind a proxy server that emits such requests. Pound does this. PoC 0. Install Tornado. 1. Start a simple Tornado server that echoes...

GHSA-753J-MPMX-QQ6G Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in tornado

Summary When Tornado receives a request with two Transfer-Encoding: chunked headers, it ignores them both. This enables request smuggling when Tornado is deployed behind a proxy server that emits such requests. Pound does this. PoC 0. Install Tornado. 1. Start a simple Tornado server that echoes...

Server-Side Request Forgery in gradio

A Server-Side Request Forgery SSRF vulnerability exists in the gradio-app/gradio and was discovered in version 4.21.0, specifically within the /queue/join endpoint and the saveurltocache function. The vulnerability arises when the path value, obtained from the user and expected to be a URL, is us...

GHSA-973G-55HP-3FRW Server-Side Request Forgery in gradio

A Server-Side Request Forgery SSRF vulnerability exists in the gradio-app/gradio and was discovered in version 4.21.0, specifically within the /queue/join endpoint and the saveurltocache function. The vulnerability arises when the path value, obtained from the user and expected to be a URL, is us...

CVE-2024-4325

A Server-Side Request Forgery SSRF vulnerability exists in the gradio-app/gradio version 4.21.0, specifically within the /queue/join endpoint and the saveurltocache function. The vulnerability arises when the path value, obtained from the user and expected to be a URL, is used to make an HTTP...

CVE-2024-4325 Server-Side Request Forgery (SSRF) in gradio-app/gradio

A Server-Side Request Forgery SSRF vulnerability exists in the gradio-app/gradio version 4.21.0, specifically within the /queue/join endpoint and the saveurltocache function. The vulnerability arises when the path value, obtained from the user and expected to be a URL, is used to make an HTTP...

CVE-2024-4325 Server-Side Request Forgery (SSRF) in gradio-app/gradio

A Server-Side Request Forgery SSRF vulnerability exists in the gradio-app/gradio version 4.21.0, specifically within the /queue/join endpoint and the saveurltocache function. The vulnerability arises when the path value, obtained from the user and expected to be a URL, is used to make an HTTP...

CVE-2024-4325

Gradio SSRF (CVE-2024-4325) affects gradio-app/gradio v4.21.0, vulnerable at /queue/join and the save_url_to_cache path handling. User-supplied path is used to fetch URLs without adequate validation, enabling potential access to internal services and AWS metadata endpoints. Remediation: upgrade t...

PT-2024-30411 · Gradio · Gradio

Name of the Vulnerable Software and Affected Versions: gradio-app/gradio version 4.21.0 Description: A Server-Side Request Forgery SSRF vulnerability exists, specifically within the "/queue/join" endpoint and the save url to cache function. The vulnerability arises when the path value, obtained...

Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC

Summary An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. Details The OpenTelemetry Collector handles compressed HTTP requests by recognizing the Content-Encoding header, rewriting the HTTP request body, and allowing...

CVE-2024-20404

CVE-2024-20404 affects Cisco Finesse web-based management interface. The issue is an SSRF caused by insufficient validation of user-supplied input in HTTP requests sent to the device. An unauthenticated, remote attacker can exploit crafted HTTP requests to obtain limited sensitive information fro...

CVE-2024-20404

A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct an SSRF attack on an affected system. This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that are sent to an affect...

Path Traversal

lollms is vulnerable to Path Traversal. The vulnerability is due to improper handling of user-supplied input in the 'listpersonalities' endpoint, allowing an attacker to traverse directories and view the contents of subfolders by manipulating the 'category' parameter in an HTTP request...

The vulnerability of the HTTP Request Handler component in FortiWeb network appliances allows attackers to enhance their privileges.

The vulnerability of the HTTP Request Handler component in FortiWeb web applications is related to deficiencies in authentication procedures. Exploiting this vulnerability can allow a malicious actor to gain increased privileges remotely...

BIT-NODE-2024-27982

The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in ...

nodejs: HTTP Request Smuggling via Content Length Obfuscation

An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request...

Important: Red Hat Security Advisory: nodejs security update

An update for nodejs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

Security Bulletin: Multiple vulnerabilities in eclipse jetty affect IBM Business Automation Workflow

Summary IBM Business Automation Workflow packages a vulnerable version of the eclipse jetty library. Vulnerability Details CVEID:CVE-2020-27216 DESCRIPTION: Eclipse Jetty could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition in the creati...

Security Bulletin: Gunicorn-20.1.0-py3-none-any.whl is vulnerable to CVE-2024-1135 used in IBM Maximo Application Suite - Edge Data Collector

Summary IBM Maximo Application Suite - Edge Data Collector uses Gunicorn-20.1.0-py3-none-any.whl which is vulnerable to CVE-2024-1135 Vulnerability Details CVEID:CVE-2024-1135 DESCRIPTION: Gunicorn is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP transfer-encoding...