2 matches found
openSUSE Security Update : curl (openSUSE-2015-125)
was updated to version 7.40.0 to fix two security issues. These security issues were fixed : - CVE-2014-8150: CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allowed remote attackers to inject arbitrary HTTP headers and conduct HTTP response...
CVE-2009-2422
The example code for the digest authentication functionality httpauthentication.rb in Ruby on Rails before 2.3.3 defines an authenticateorrequestwithhttpdigest block that returns nil instead of false when the user does not exist, which allows context-dependent attackers to bypass authentication f...