4 matches found
esm.sh 代码问题漏洞
esm.sh is an open-source content distribution network developed by esm.sh. Versions of esm.sh 137 and earlier contained code vulnerabilities. These vulnerabilities stemmed from a server-side request forgeing vulnerability in the https routing mechanism of esm.sh. The service attempted to block...
dotnet: Denial of service due to infinite loop
An infinite loop was found in the HTTP Routing component of Microsoft.AspNetCore.App, which could be exploited by a remote, unauthenticated attacker. This flaw allows an attacker without special privileges to send crafted requests to a machine running an ASP.NET Core application, triggering the...
CVE-2020-1161
An infinite loop was found in the HTTP Routing component of Microsoft.AspNetCore.App, which could be exploited by a remote, unauthenticated attacker. This flaw allows an attacker without special privileges to send crafted requests to a machine running an ASP.NET Core application, triggering the...
Security Advisory 2019-11-05-2 - LuCI CSRF vulnerability (CVE-2019-17367)
DESCRIPTION A logic flaw in LuCI's HTTP routing component led to ineffective CSRF token testing for various request endpoints, specifically ones using the arcombine dispatch action. This allows 3rd party web pages running in the same browser session as an active LuCI login session to perform...