Ubuntu: Security Advisory (USN-8151-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-8151-1 lambdaisland-uri-clojure vulnerability

It was discovered that lambdaisland/uri did not properly sanitize the backslash character in URI strings. An attacker could possibly use this issue to bypass security checks or redirect users...

USN-8151-1: lambdaisland/uri vulnerability

It was discovered that lambdaisland/uri did not properly sanitize the backslash character in URI strings. An attacker could possibly use this issue to bypass security checks or redirect users...

lambdaisland/uri `authority-regex` returns the wrong authority

Summary authority-regex allows an attacker to send malicious URLs to be parsed by the lambdaisland/uri and return the wrong authority. This issue is similar to CVE-2020-8910. Details https://github.com/lambdaisland/uri/blob/d3355fcd3e235238f4dcd37be97787a84e580072/src/lambdaisland/uri.cljcL9 This...

DEBIAN-CVE-2023-28628

lambdaisland/uri is a pure Clojure/ClojureScript URI library. In versions prior to 1.14.120 authority-regex allows an attacker to send malicious URLs to be parsed by the lambdaisland/uri and return the wrong authority. This issue is similar to but distinct from CVE-2020-8910. The regex in questio...

UBUNTU-CVE-2023-28628

lambdaisland/uri is a pure Clojure/ClojureScript URI library. In versions prior to 1.14.120 authority-regex allows an attacker to send malicious URLs to be parsed by the lambdaisland/uri and return the wrong authority. This issue is similar to but distinct from CVE-2020-8910. The regex in questio...

CVE-2023-28628

lambdaisland/uri is a pure Clojure/ClojureScript URI library. In versions prior to 1.14.120 authority-regex allows an attacker to send malicious URLs to be parsed by the lambdaisland/uri and return the wrong authority. This issue is similar to but distinct from CVE-2020-8910. The regex in questio...

CVE-2023-28628

lambdaisland/uri is a pure Clojure/ClojureScript URI library. In versions prior to 1.14.120 authority-regex allows an attacker to send malicious URLs to be parsed by the lambdaisland/uri and return the wrong authority. This issue is similar to but distinct from CVE-2020-8910. The regex in questio...

CVE-2023-28628 `authority-regex` returns the wrong authority in lambdaisland/uri

lambdaisland/uri is a pure Clojure/ClojureScript URI library. In versions prior to 1.14.120 authority-regex allows an attacker to send malicious URLs to be parsed by the lambdaisland/uri and return the wrong authority. This issue is similar to but distinct from CVE-2020-8910. The regex in questio...

CVE-2023-28628 `authority-regex` returns the wrong authority in lambdaisland/uri

lambdaisland/uri is a pure Clojure/ClojureScript URI library. In versions prior to 1.14.120 authority-regex allows an attacker to send malicious URLs to be parsed by the lambdaisland/uri and return the wrong authority. This issue is similar to but distinct from CVE-2020-8910. The regex in questio...

CVE-2023-28628 `authority-regex` returns the wrong authority in lambdaisland/uri

lambdaisland/uri is a pure Clojure/ClojureScript URI library. In versions prior to 1.14.120 authority-regex allows an attacker to send malicious URLs to be parsed by the lambdaisland/uri and return the wrong authority. This issue is similar to but distinct from CVE-2020-8910. The regex in questio...

CVE-2023-28628

CVE-2023-28628 affects lambdaisland/uri (Clojure/ClojureScript) prior to 1.14.120, where authority-regex does not correctly handle backslashes in usernames, causing the library to parse and report an incorrect host (e.g., payload https://[email protected] returns host google.com instead of e...

lambdaisland uri 输入验证错误漏洞

lambdaisland/uri is a pure Clojure/ClojureScript URI library open-sourced by Lambda Island. A security vulnerability exists in lambdaisland uri versions prior to 1.14.120. An attacker could use this vulnerability to send a malicious URL for lambdaisland/uri to parse and return incorrect permissio...

PT-2023-21859

Name of the Vulnerable Software and Affected Versions lambdaisland/uri versions prior to 1.14.120 Description The issue allows an attacker to send malicious URLs to be parsed by the lambdaisland/uri library, returning the wrong authority. This occurs because the authority-regex does not handle th...