753 matches found
GHSA-RJFV-PJVX-MJGV vulnerabilities
Vulnerabilities for packages: aws-load-balancer-controller, aws-load-balancer-controller-fips...
CVE-2026-54287
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on AWS Lambda, the ALB single-header response and the VPC Lattice v2 response join multiple Set-Cookie headers into one comma-separated value. Because commas also appear inside cookie attribute...
CVE-2026-54287
Summary: Hono’s AWS Lambda adapter, in the ALB single-header mode and VPC Lattice v2, concatenates multiple Set-Cookie headers into a single comma-separated value, causing cookie attributes that include commas (e.g., Expires) to be misparsed or dropped. Affected components: Hono web framework; AW...
CVE-2026-54287 Hono: AWS Lambda adapter merges multiple `Set-Cookie` headers into one value, dropping cookies on ALB single-header and Lattice
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on AWS Lambda, the ALB single-header response and the VPC Lattice v2 response join multiple Set-Cookie headers into one comma-separated value. Because commas also appear inside cookie attribute...
GHSA-RJFV-PJVX-MJGV vulnerabilities
Vulnerabilities for packages: aws-load-balancer-controller...
GHSA-J6C9-X7QJ-28XF hono: AWS Lambda adapter merges multiple `Set-Cookie` headers into one value, dropping cookies on ALB single-header and Lattice
Summary On AWS Lambda, the ALB single-header response and the VPC Lattice v2 response join multiple Set-Cookie headers into one comma-separated value. Because commas also appear inside cookie attributes for example Expires dates, clients cannot split the value back into individual cookies and...
hono: AWS Lambda adapter merges multiple `Set-Cookie` headers into one value, dropping cookies on ALB single-header and Lattice
Summary On AWS Lambda, the ALB single-header response and the VPC Lattice v2 response join multiple Set-Cookie headers into one comma-separated value. Because commas also appear inside cookie attributes for example Expires dates, clients cannot split the value back into individual cookies and...
NPM: hono: AWS Lambda adapter merges multiple `Set-Cookie` headers into one value, dropping cookies on ALB single-header and Lattice
NPM: hono: AWS Lambda adapter merges multiple Set-Cookie headers into one value, dropping cookies on ALB single-header and Lattice vulnerability discovered by ? in WordPress Npm hono versions 4.12.25...
PT-2026-49734
Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.12.25 Description On AWS Lambda, the ALB single-header response and the VPC Lattice v2 response join multiple Set-Cookie headers into a single comma-separated value. According to RFC 6265, each cookie must be its own...
[SECURITY] Fedora 44 Update: dnsdist-2.0.6-1.fc44
dnsdist is a highly DNS-, DoS- and abuse-aware loadbalancer. Its goal in life is to route traffic to the best server, delivering top performance to legitimate users while shunting or blocking abusive traffic...
CVE-2026-45558
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the HAProxy section-save endpoints POST /api/service/haproxy//section/ and the PUT / global / defaults variants accept a JSON option field that is not validated, not escaped, and ...
undertow: Undertow: Request smuggling via `\r\r\r` as a header block terminator
A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending \r\r\r as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Google Cloud Classic Application Load Balancer,...
undertow: Undertow: Request smuggling via `\r\r\r` as a header block terminator
A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending \r\r\r as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Google Cloud Classic Application Load Balancer,...
CVE-2026-45560 Roxy-WI: Stored XSS in log viewer (wrap_line/highlight_word produce unescaped HTML)
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, wrapline app/modules/common/common.py:181-186 and highlightword app/modules/common/common.py:188-192 build raw HTML by string concatenation with no escaping. The frontend...
EUVD-2026-36039
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the HAProxy section-save endpoints POST /api/service/haproxy//section/ and the PUT / global / defaults variants accept a JSON option field that is not validated, not escaped, and ...
CVE-2026-45558
Roxy-WI versions 8.2.6.4 and earlier expose a vulnerability in the HAProxy config generation pathway. The HAProxy section-save endpoints (POST /api/service/haproxy//section/ and related PUT /global/defaults) accept a JSON option field that is not validated or escaped and is rendered verbatim into...
CVE-2026-45558 Roxy-WI: Authenticated RCE on every managed HAProxy load balancer via `option` field config injection in section save
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the HAProxy section-save endpoints POST /api/service/haproxy//section/ and the PUT / global / defaults variants accept a JSON option field that is not validated, not escaped, and ...
EUVD-2026-36038
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /waf///rule//save accepts a configfilename form field that is passed straight through to configmod.masterslaveuploadandrestart... as the destination path. The validation chai...
CVE-2026-45556 Roxy-WI: Authenticated arbitrary file write on every managed load balancer (and downstream RCE) via WAF rule save `config_file_name`
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /waf///rule//save accepts a configfilename form field that is passed straight through to configmod.masterslaveuploadandrestart... as the destination path. The validation chai...
CVE-2026-45556 Roxy-WI: Authenticated arbitrary file write on every managed load balancer (and downstream RCE) via WAF rule save `config_file_name`
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /waf///rule//save accepts a configfilename form field that is passed straight through to configmod.masterslaveuploadandrestart... as the destination path. The validation chai...