2 matches found
GHSA-WCRF-9VRR-854F Envoy Gateway: Authentication Bypass via Improper Input Validation in EnvoyExtensionPolicy Lua Allows Secret Disclosure
Impact The toabsolutenormalizedpath function security.lua:28-43 does not collapse redundant path separators // → /. On Linux, //etc/passwd is equivalent to /etc/passwd POSIX path semantics, but iscriticalpath fails to match the double-slash variant because //etc/passwd does not start with /etc/...
PowerDNS Recursor Lua Security Policy Bypass Vulnerability
PowerDNS Recursor aka pdnsrecursor is a domain name resolution server from the Dutch company PowerDNS. A security feature issue vulnerability exists in PowerDNS Recursor versions 4.1.4 through 4.1.8, which arises from the program failing to implement the Lua hooks mechanism for queries received...