16 matches found
CVE-2023-4522
An issue has been discovered in GitLab affecting all versions before 16.2.0. Committing directories containing LF character results in 500 errors when viewing the commit...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Pallets Werkzeug [CVE-2023-46136]
Summary: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Pallets Werkzeug, caused by a flaw when parsing multipart/form-data containing a large part with CR/LF character at the beginning (CVE-2023-46136). Pallets Werkzeug is used in our Speech...
BIT-GITLAB-2023-4522 Improper Validation of Specified Type of Input in GitLab
An issue has been discovered in GitLab affecting all versions before 16.2.0. Committing directories containing LF character results in 500 errors when viewing the commit...
Improper Neutralization Of Special Elements
GitLab is vulnerable to Improper Neutralization of Special Elements. The vulnerability is due to a lack of proper validation of user-supplied input, specifically when committing directories containing LF (Line Feed) characters. This flaw results in HTTP 500 errors when viewing the affected commi...
AIOHTTP has problems in HTTP parser (the python one, not llhttp)
Summary: The HTTP parser in AIOHTTP has numerous problems with header parsing, which could lead to request smuggling. This parser is only used when AIOHTTP_NO_EXTENSIONS is enabled or not using a prebuilt wheel. Details: Bug 1: Bad parsing of Content-Length values. Description: RFC 9110 says this:...
CVE-2023-4522
An issue has been discovered in GitLab affecting all versions before 16.2.0. Committing directories containing LF character results in 500 errors when viewing the commit...
Design/Logic Flaw
An issue has been discovered in GitLab affecting all versions before 16.2.0. Committing directories containing LF character results in 500 errors when viewing the commit...
CVE-2023-4522
An issue has been discovered in GitLab affecting all versions before 16.2.0. Committing directories containing LF character results in 500 errors when viewing the commit...
CVE-2023-4522 Improper Validation of Specified Type of Input in GitLab
An issue has been discovered in GitLab affecting all versions before 16.2.0. Committing directories containing LF character results in 500 errors when viewing the commit...
CVE-2023-4522
CVE-2023-4522 affects GitLab versions before 16.2.0. The issue causes 500 errors when viewing commits that include directories containing a line feed (LF) character. The description in the connected sources confirms the vulnerable condition but does not provide a confirmed fix in the supplied doc...
CVE-2023-4522 Improper Validation of Specified Type of Input in GitLab
An issue has been discovered in GitLab affecting all versions before 16.2.0. Committing directories containing LF character results in 500 errors when viewing the commit...
CVE-2021-41136
Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using puma with a proxy which forwards HTTP header values which contain the LF character could allow HTTP request smuggling. A client could smuggle a request through a proxy, causing the proxy to send a...
CVE-2021-41136
Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using puma with a proxy which forwards HTTP header values which contain the LF character could allow HTTP request smuggling. A client could smuggle a request through a proxy, causing the proxy to send a...
CVE-2021-41136 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma
Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using puma with a proxy which forwards HTTP header values which contain the LF character could allow HTTP request smuggling. A client could smuggle a request through a proxy, causing the proxy to send a...
PSF-2019-16 Email header injection in Address objects
It is possible to inject email headers using CR or LF character. The fix disallows CR and LF characters in email.headerregistry.Address arguments to guard against header injection attacks...
CVE-2007-4447
Multiple buffer overflows in the client in Toribash 2.71 and earlier allow remote attackers to (1) execute arbitrary code via a long game command in a replay (.rpl) file and (2) cause a denial of service (application crash) via a long SAY command that omits a required LF character; and allow remote...