Lucene search
K

9 matches found

CNNVD
CNNVD
added 2026/03/30 12:0 a.m.7 views

Node.js 安全漏洞

Node.js is an open-source, cross-platform JavaScript runtime environment developed by the Node.js community. There is a security vulnerability in Node.js, which stems from improper handling of URLs. When the url.format function is called with an internationalized domain name containing invalid...

5.7CVSS6.8AI score0.00325EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/20 7:59 p.m.27 views

CVE-2026-4438 gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames

Calling gethostbyaddr or gethostbyaddrr with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification...

0.00189EPSS
Exploits1References1
OSV
OSV
added 2025/04/14 11:35 a.m.45 views

BIT-PYTHON-2025-0938 URL parser allowed square brackets in domain names

The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in...

6.3CVSS5.8AI score0.01499EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2025/01/31 8:59 p.m.20 views

CVE-2025-0938

A flaw was found in Python. The Python standard library functions urllib.parse.urlsplit and urlparse accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs...

6.8CVSS6AI score0.01499EPSS
Exploits0References5
NVD
NVD
added 2025/01/31 6:15 p.m.21 views

CVE-2025-0938

The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in...

6.3CVSS0.01499EPSS
Exploits0References11
Vulnrichment
Vulnrichment
added 2025/01/31 5:51 p.m.7 views

CVE-2025-0938 URL parser allowed square brackets in domain names

The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in...

6.3CVSS6.5AI score0.01499EPSS
Exploits0References9
OSV
OSV
added 2025/01/31 5:51 p.m.19 views

PSF-2025-1

The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in...

6.3CVSS6.5AI score0.01499EPSS
Exploits0References9
CVE
CVE
added 2025/01/31 5:51 p.m.2896 views

CVE-2025-0938

Summary (CVE-2025-0938): The issue arises in Python’s standard library URL parsing, where urllib.parse.urlsplit/urlparse accepted domain names containing square brackets, contrary to RFC 3986. This leads to differential parsing between Python’s parser and other RFC-compliant parsers. The connecte...

6.3CVSS6.5AI score0.01499EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2021/05/24 5:6 p.m.69 views

CVE-2021-23386

Remote memory exposure vulnerability was found in nodejs dns-packet library. The buffers created with allocUnsafe are not always filled before forming the network packets and an attacker can use this vulnerability to potentially get access to internal application memory over non encrypted network...

7.7CVSS4.7AI score0.01425EPSS
Exploits0References4
Rows per page
Query Builder