Lucene search
+L

385 matches found

Tenable Nessus
Tenable Nessus
added 2022/09/09 12:0 a.m.42 views

SUSE SLES12 Security Update : nodejs16 (SUSE-SU-2022:3196-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3196-1 advisory. - CVE-2022-35949: Fixed SSRF when an application takes in user input into the path/pathname option of undici.request bsc1202382. -...

9.8CVSS6.8AI score0.03465EPSS
Exploits3References14
Tenable Nessus
Tenable Nessus
added 2022/09/06 12:0 a.m.37 views

Amazon Linux 2022 : rubygem-puma (ALAS2022-2022-051)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-051 advisory. A flaw was found in rubygem-puma. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from having their requests starv...

9.1CVSS6.8AI score0.0214EPSS
Exploits0References9
Veracode
Veracode
added 2022/08/21 2:52 a.m.20 views

Improper Input Validation

trafficserver is vulnerable to improper input validation. The vulnerability exists in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers...

7.5CVSS7.2AI score0.01914EPSS
Exploits0References8Affected Software1
NVD
NVD
added 2022/08/15 11:21 a.m.17 views

CVE-2022-35948

undici is an HTTP/1.1 client, written from scratch for Node.js.= [email protected] users are vulnerable to CRLF Injection on headers when using unsanitized input as request headers, more specifically, inside the content-type header. Example: import request from 'undici' const unsanitizedContentTypeInp...

5.3CVSS0.01203EPSS
Exploits1References3
Prion
Prion
added 2022/08/15 11:21 a.m.21 views

Crlf injection

undici is an HTTP/1.1 client, written from scratch for Node.js.= email protected users are vulnerable to CRLF Injection on headers when using unsanitized input as request headers, more specifically, inside the content-type header. Example: import request from 'undici' const...

5CVSS5.4AI score0.01203EPSS
Exploits1References3Affected Software1
UbuntuCve
UbuntuCve
added 2022/08/15 12:0 a.m.47 views

CVE-2022-35948

undici is an HTTP/1.1 client, written from scratch for Node.js.= [email protected] users are vulnerable to CRLF Injection on headers when using unsanitized input as request headers, more specifically, inside the content-type header. Example: import request from 'undici' const unsanitizedContentTypeInp...

5.3CVSS6.5AI score0.01203EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2022/08/15 12:0 a.m.42 views

GLSA-202208-28 : Puma: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202208-28 Puma: Multiple Vulnerabilities - Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been...

9.1CVSS6.8AI score0.0214EPSS
Exploits0References9
Debian CVE
Debian CVE
added 2022/08/13 12:0 a.m.63 views

CVE-2022-35948

undici is an HTTP/1.1 client, written from scratch for Node.js.= [email protected] users are vulnerable to CRLF Injection on headers when using unsanitized input as request headers, more specifically, inside the content-type header. Example: import request from 'undici' const unsanitizedContentTypeInp...

5.3CVSS5.1AI score0.01203EPSS
Exploits1
Cvelist
Cvelist
added 2022/08/13 12:0 a.m.34 views

CVE-2022-35948 CRLF Injection in Nodejs ‘undici’ via Content-Type

undici is an HTTP/1.1 client, written from scratch for Node.js.= [email protected] users are vulnerable to CRLF Injection on headers when using unsanitized input as request headers, more specifically, inside the content-type header. Example: import request from 'undici' const unsanitizedContentTypeInp...

5.3CVSS7.3AI score0.01203EPSS
Exploits1References3
CVE
CVE
added 2022/08/13 12:0 a.m.230 views

CVE-2022-35948

CVE-2022-35948 affects the undici HTTP/1.1 client for Node.js. When user input is unsanitized in the Content-Type header, CRLF Injection can cause multiple requests in a single call (e.g., two GETs). The issue is fixed in undici v5.8.1; workaround: sanitize input before sending as a Content-Type ...

5.3CVSS6.4AI score0.01203EPSS
Exploits1References3Affected Software1
UbuntuCve
UbuntuCve
added 2022/08/12 11:15 p.m.37 views

CVE-2022-35949

undici is an HTTP/1.1 client, written from scratch for Node.js.undici is vulnerable to SSRF Server-side Request Forgery when an application takes in user input into the path/pathname option of undici.request. If a user specifies a URL such as http://127.0.0.1 or //127.0.0.1 js const undici =...

9.8CVSS6.8AI score0.01388EPSS
Exploits1References5
Cvelist
Cvelist
added 2022/08/12 12:0 a.m.37 views

CVE-2022-35949 `undici.request` vulnerable to SSRF using absolute URL on `pathname`

undici is an HTTP/1.1 client, written from scratch for Node.js.undici is vulnerable to SSRF Server-side Request Forgery when an application takes in user input into the path/pathname option of undici.request. If a user specifies a URL such as http://127.0.0.1 or //127.0.0.1 js const undici =...

5.3CVSS9.5AI score0.01388EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2022/08/12 12:0 a.m.68 views

CVE-2022-35949

undici is an HTTP/1.1 client, written from scratch for Node.js.undici is vulnerable to SSRF Server-side Request Forgery when an application takes in user input into the path/pathname option of undici.request. If a user specifies a URL such as http://127.0.0.1 or //127.0.0.1 js const undici =...

9.8CVSS7.2AI score0.01388EPSS
Exploits1
NVD
NVD
added 2022/08/10 6:15 a.m.20 views

CVE-2022-28129

Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers. This issue affects Apache Traffic Server 8.0.0 to 9.1.2...

7.5CVSS0.01914EPSS
Exploits0References5
Prion
Prion
added 2022/08/10 6:15 a.m.15 views

Input validation

Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers. This issue affects Apache Traffic Server 8.0.0 to 9.1.2...

5CVSS7.3AI score0.01914EPSS
Exploits0References5Affected Software3
UbuntuCve
UbuntuCve
added 2022/08/10 6:15 a.m.28 views

CVE-2022-28129

Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers. This issue affects Apache Traffic Server 8.0.0 to 9.1.2...

7.5CVSS7.1AI score0.01914EPSS
Exploits0References2
CVE
CVE
added 2022/08/10 12:0 a.m.79 views

CVE-2022-28129

Apache Traffic Server versions 8.0.0–9.1.2 are affected by CVE-2022-28129 due to improper input validation in HTTP/1.1 header parsing, allowing an attacker to send invalid headers. Fedora advisories indicate upgrades to 9.1.3 (and 8.0.2+ds-1+deb10u7 for Debian) to fix the issue. CVSSv3 base score...

7.5CVSS7.3AI score0.01914EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/08/10 12:0 a.m.18 views

CVE-2022-28129 Insufficient Validation of HTTP/1.x Headers

Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers. This issue affects Apache Traffic Server 8.0.0 to 9.1.2...

7.5CVSS7.1AI score0.01914EPSS
Exploits0References7
NVD
NVD
added 2022/07/19 9:15 p.m.30 views

CVE-2022-31150

undici is an HTTP/1.1 client, written from scratch for Node.js. It is possible to inject CRLF sequences into request headers in undici in versions less than 5.7.1. A fix was released in version 5.8.0. Sanitizing all HTTP headers from untrusted sources to eliminate \r\n is a workaround for this...

6.5CVSS0.01391EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2022/07/19 9:15 p.m.43 views

CVE-2022-31150

undici is an HTTP/1.1 client, written from scratch for Node.js. It is possible to inject CRLF sequences into request headers in undici in versions less than 5.7.1. A fix was released in version 5.8.0. Sanitizing all HTTP headers from untrusted sources to eliminate \r\n is a workaround for this...

6.5CVSS6.7AI score0.01391EPSS
Exploits1References4
Rows per page
Query Builder