46 matches found
EUVD-2022-2557
Malicious code in bioql PyPI...
CVE-2024-49580
In JetBrains Ktor before 2.3.13 improper caching in HttpCache Plugin could lead to response information disclosure...
JetBrains Ktor Information Disclosure Vulnerability
JetBrains Ktor is a lightweight, asynchronous Kotlin Web framework developed by JetBrains. JetBrains Ktor suffers from an information disclosure vulnerability that stems from improper caching in the HttpCache plugin, which can be exploited by an attacker to cause the disclosure of response...
CVE-2024-49580
The CVE-2024-49580 issue affects JetBrains Ktor, specifically the HttpCache Plugin, due to improper caching that can disclose response information. Affected products/versions include Ktor before 2.3.13 (and, per PT-Security, before 3.0.0 for related caching behavior). The documented impact is inf...
PT-2024-7357 · Jetbrains · Jetbrains Ktor
Name of the Vulnerable Software and Affected Versions: JetBrains Ktor versions prior to 3.0.0 JetBrains Ktor versions prior to 2.3.13 Description: The issue is related to improper caching in the HttpCache Plugin, which could lead to response information disclosure. This allows an attacker to...
JetBrains Ktor framework security vulnerability
JetBrains Ktor is a lightweight, asynchronous Kotlin Web framework developed by JetBrains. JetBrains Ktor suffers from an information disclosure vulnerability that stems from improper caching in the HttpCache plugin, which can be exploited by an attacker to cause the disclosure of response...
CVE-2022-24894: Prevent storing cookie headers in HttpCache
More info at https://symfony.com/cve-2022-24894...
GHSA-47XH-QXQV-MGVG kube-httpcache is vulnerable to Cross-Site Request Forgery (CSRF)
Impact A request forgery attack can be performed on Varnish Cache servers that have the HTTP/2 protocol turned on. An attacker may introduce characters through the HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1...
kube-httpcache is vulnerable to Cross-Site Request Forgery (CSRF)
Impact A request forgery attack can be performed on Varnish Cache servers that have the HTTP/2 protocol turned on. An attacker may introduce characters through the HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1...
Symfony Vulnerable to PHP Eval Injection
Applications with ESI support and SSI support as of Symfony 2.6 enabled and using the Symfony built-in reverse proxy the Symfony\Component\HttpKernel\HttpCache class are vulnerable to PHP code injection; a malicious user can inject PHP code that will be executed by the server. HttpCache uses eval...
GHSA-5C58-W9XC-QCJ9 Symfony Vulnerable to PHP Eval Injection
Applications with ESI support and SSI support as of Symfony 2.6 enabled and using the Symfony built-in reverse proxy the Symfony\Component\HttpKernel\HttpCache class are vulnerable to PHP code injection; a malicious user can inject PHP code that will be executed by the server. HttpCache uses eval...
Symfony Host Header Injection
An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. When using HttpCache, the values of the X-Forwarded-Host headers are implicitly set as trusted while this should ...
GHSA-66P6-7P29-55P9 Symfony Host Header Injection
An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. When using HttpCache, the values of the X-Forwarded-Host headers are implicitly set as trusted while this should ...
CVE-2020-15094
In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X-Body-Eval and X-Body-File to control the restoration of cached responses. The class was initially...
DEBIAN-CVE-2020-15094
In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X-Body-Eval and X-Body-File to control the restoration of cached responses. The class was initially...