5 matches found
net/url: Incorrect parsing of IPv6 host literals in net/url
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...
CVE-2026-49941
CVE-2026-49941 affects Net::CIDR::Set (Perl) up to version 0.20. The vulnerability arises when add() delegates to _encode() to parse addresses; inputs that aren’t netmasks/ranges are treated as single IPs and recursed as 32/128-bit netmasks. If an argument isn’t a well-formed IP address, this can...
net/url: Incorrect parsing of IPv6 host literals in net/url
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...
The vulnerability of the Rack module in the Ruby programming language involves the use of a regular expression c, which has an inefficient computational cost. This allows attackers to trigger a service failure.
The vulnerability of the Ruby interpreter’s Rack module is related to the incorrect handling of invalid URL addresses. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
The vulnerability of the Ruby programming language components rfc2396 parser.rb and rfc3986 parser.rb allows a hacker to cause a service failure.
The vulnerability of the Ruby programming language components rfc2396 Parser.rb and rfc3986 Parser.rb is related to the incorrect handling of invalid URL addresses. Exploiting this vulnerability allows a remote attacker to cause service interruptions...