Lucene search
+L

4 matches found

osv
osv
added 2023/05/11 4:15 p.m.7 views

AZL-37428 CVE-2023-24540 affecting package golang for versions less than 1.21.6-1

Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution...

9.8CVSS6.6AI score0.01548EPSS
Exploits0References1
nessus
nessus
added 2023/01/23 12:0 a.m.39 views

RHEL 8 : python-waitress (RHSA-2020:0720)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0720 advisory. Waitress is a pure Python WSGI server which supports HTTP/1.0 and HTTP/1.1. Security Fixes: HTTP request smuggling through LF vs CRLF handli...

8.2CVSS6.6AI score0.02714EPSS
Exploits1References9
cvelist
cvelist
added 2019/12/26 4:40 p.m.43 views

CVE-2019-16789 HTTP Request Smuggling in Waitress: Invalid whitespace characters in headers

In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. Specially crafted requests containing special...

7.1CVSS7.6AI score0.02587EPSS
Exploits0References8
github
github
added 2019/12/26 4:34 p.m.72 views

HTTP Request Smuggling: Invalid whitespace characters in headers in Waitress

Impact If a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. Content-Length: 10 Transfer-Encoding: \x0bchunked For clarity: 0x0b == vertical...

6.6AI score
Exploits0References3Affected Software1
Rows per page
Query Builder