72 matches found
Uncaught Exception
Overview Affected versions of this package are vulnerable to Uncaught Exception in Node.js HTTP request handling. The flaw triggers when an incoming request includes a header named `__proto__` and the server application accesses req.headersDistinct. This causes dest["__proto__"] to incorrectly resolve to...
EUVD-2018-0797
Malware in sbrugna...
EUVD-2020-0334
Malware in sbrugna...
EUVD-2023-35120
Malicious code in bioql PyPI...
EUVD-2022-47952
Malicious code in bioql PyPI...
CVE-2023-49952
Mastodon 4.1.x before 4.1.17 and 4.2.x before 4.2.9 allows a bypass of rate limiting via a crafted HTTP request header...
BIT-MASTODON-2023-49952
Mastodon 4.1.x before 4.1.17 and 4.2.x before 4.2.9 allows a bypass of rate limiting via a crafted HTTP request header...
BIT-MASTODON-2024-34535
In Mastodon 4.1.6, API endpoint rate limiting can be bypassed by setting a crafted HTTP request header...
Exploit for CVE-2025-29927
CVE-2025-29927 - Next.js Middleware Authorization Bypass PoC...
Exploit for CVE-2025-29927
CVE-2025-29927 - Next.js Middleware Authorization Bypass PoC...
Cisco Secure Web Appliance Input Validation Error Vulnerability
Cisco Secure Web Appliance is an application from Cisco USA. An input validation error vulnerability exists in Cisco Secure Web Appliance that stems from improper handling of HTTP request headers and can be exploited by an attacker to download malicious files...
GHSA-XX4V-PRFH-6CGC @octokit/request-error has a Regular Expression in index that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Summary A Regular Expression Denial of Service (ReDoS) vulnerability exists in the processing of HTTP request headers. By sending an authorization header containing an excessively long sequence of spaces followed by a newline and "@", an attacker can exploit inefficient regular expression processin...
Withdrawn Advisory: undertow: information leakage via HTTP/2 request header reuse
Withdrawn Advisory This advisory has been withdrawn because it was determined to not be a valid vulnerability. This link is maintained to preserve external references. For more information, see https://nvd.nist.gov/vuln/detail/CVE-2024-4109. Original Description A flaw was found in Undertow. An...
CVE-2024-4109
Rejected reason: Red Hat Product Security has determined that this CVE is not a security vulnerability...
CVE-2024-4109
...
CVE-2024-4109
CVE-2024-4109 is linked to information leakage in Undertow when handling HTTP/2 header reuse. Affected product: Red Hat JBoss Enterprise Application Platform (EAP) 7.x on RHEL7/RHEL8 as referenced by RHSA advisories (e.g., 7.1.12 on RHEL7 and 7.3.15). Root cause: Undertow HTTP/2 handling allows l...
CVE-2024-4109
A flaw was found in Undertow. An HTTP request header value from a previous stream may be incorrectly reused for a request associated with a subsequent stream on the same HTTP/2 connection. This issue can potentially lead to information leakage between requests...
PT-2024-13840 · Mastodon · Mastodon
Name of the Vulnerable Software and Affected Versions: Mastodon versions 4.1.x through 4.1.16 Mastodon versions 4.2.x through 4.2.8 Description: The issue allows a bypass of rate limiting via a crafted HTTP request header. This means that an attacker can send a specially designed HTTP request...
CVE-2024-34535
In Mastodon 4.1.6, API endpoint rate limiting can be bypassed by setting a crafted HTTP request header...
ROS-20240726-08
A vulnerability in the httpjson component of Elastic Stack Filebeat is caused by a bug in the handling of httpjson input data, due to which the contents of the Authorization or Proxy-Authorization HTTP request header may be written to the debug logs. Exploitation of the vulnerability could allow an attacker...