14 matches found
EUVD-2019-0257
Malware in sbrugna...
EUVD-2024-2867
Malicious code in bioql PyPI...
CVE-2025-48865 Fabio allows HTTP clients to manipulate custom headers it adds
Fabio is an HTTPS and TCP router for deploying applications managed by consul. Prior to version 1.6.6, Fabio allows clients to remove X-Forwarded headers except X-Forwarded-For due to a vulnerability in how it processes hop-by-hop headers. Fabio adds HTTP headers like X-Forwarded-Host and...
CVE-2024-45813
find-my-way is a fast, open source HTTP router, internally using a Radix Tree aka compact Prefix Tree, supports route params, wildcards, and it's framework independent. A bad regular expression is generated any time one has two parameters within a single segment, when adding a - at the end, like...
CVE-2024-45813 ReDoS vulnerability in multiparametric routes in find-my-way
find-my-way is a fast, open source HTTP router, internally using a Radix Tree aka compact Prefix Tree, supports route params, wildcards, and it's framework independent. A bad regular expression is generated any time one has two parameters within a single segment, when adding a - at the end, like...
CVE-2024-45813 ReDoS vulnerability in multiparametric routes in find-my-way
find-my-way is a fast, open source HTTP router, internally using a Radix Tree aka compact Prefix Tree, supports route params, wildcards, and it's framework independent. A bad regular expression is generated any time one has two parameters within a single segment, when adding a - at the end, like...
CVE-2024-45813
CVE-2024-45813 affects the find-my-way HTTP router. A bad regular expression is generated when two parameters exist within a single segment, notably with a trailing dash (e.g., ":/a-:b-"). This can lead to a Denial of Service in some cases. Affected versions require upgrade to find-my-way v8.2.2 ...
CVE-2024-45813 ReDoS vulnerability in multiparametric routes in find-my-way
find-my-way is a fast, open source HTTP router, internally using a Radix Tree aka compact Prefix Tree, supports route params, wildcards, and it's framework independent. A bad regular expression is generated any time one has two parameters within a single segment, when adding a - at the end, like...
GO-2022-0463 Access control bypass due to broad route matching in github.com/beego/beego and beego/v2
Routes in the beego HTTP router can match unintended patterns. This overly-broad matching may permit an attacker to bypass access controls. For example, the pattern "/a/b/:name" can match the URL "/a.xml/b/". This may bypass access control applied to the prefix "/a/"...
Skipper 代码问题漏洞
Skipper is an HTTP router and reverse proxy for service portfolios. A security vulnerability exists in Skipper v0.9.1 that allows an attacker to execute arbitrary code via a crafted file...
CVE-2016-10543
call is an HTTP router that is primarily used by the hapi framework. There exists a bug in call versions 2.0.1-3.0.1 that does not validate empty parameters, which could result in invalid input bypassing the route validation rules...
Design/Logic Flaw
call is an HTTP router that is primarily used by the hapi framework. There exists a bug in call versions 2.0.1-3.0.1 that does not validate empty parameters, which could result in invalid input bypassing the route validation rules...
CVE-2016-10543
call is an HTTP router that is primarily used by the hapi framework. There exists a bug in call versions 2.0.1-3.0.1 that does not validate empty parameters, which could result in invalid input bypassing the route validation rules...
CVE-2016-10543
The vulnerability CVE-2016-10543 affects the call HTTP router used by the hapi framework, with versions 2.0.1–3.0.1 not validating empty parameters, permitting bypass of route validation rules. Impact is described as potential input bypass leading to validation bypass. The public advisories (GitH...