Lucene search

17 matches found

OSV
added 2026/02/09 9:15 p.m., 0 views

UBUNTU-CVE-2026-25765

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Prior to 2.14.1, Faraday's build_exclusive_url method in lib/faraday/connection.rb uses Ruby's URI#merge to combine the connection's base URL with a user-supplied path. Per RFC 3986,...

CVSS 5.8, AI score 7.4, EPSS 0.0002
Exploits: 0, References: 5

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2021-1025

Malware in sbrugna...

CVSS 8.8, AI score 8.6, EPSS 0.0039
Exploits: 1, References: 5

Tenable Nessus
added 2025/08/18 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2018-16487

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A prototype pollution vulnerability was found in lodash 4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying...

CVSS 6.8, AI score 5.8, EPSS 0.0051
Exploits: 2, References: 2

RedHat Linux
added 2025/07/02 2:32 p.m., 3 views

uri: userinfo leakage in URI#join, URI#merge and URI#+

A flaw was found in the URI ruby gem package, where userinfo leakage can occur in the uri gem. The methods URI#join, URI#merge, and URI#+ retained userinfo, such as user:password, even after the host is replaced. When generating a URL to a malicious host from a URL containing secret userinfo using...

CVSS 5.3, AI score 5.8, EPSS 0.00156
Exploits: 0, References: 6

RedHat Linux
added 2025/05/06 2:33 a.m., 2 views

uri: userinfo leakage in URI#join, URI#merge and URI#+

A flaw was found in the URI ruby gem package, where userinfo leakage can occur in the uri gem. The methods URI#join, URI#merge, and URI#+ retained userinfo, such as user:password, even after the host is replaced. When generating a URL to a malicious host from a URL containing secret userinfo using...

CVSS 5.3, AI score 5.8, EPSS 0.00156
Exploits: 0, References: 6

RedHat Linux
added 2025/05/06 2:33 a.m., 1 view

uri: userinfo leakage in URI#join, URI#merge and URI#+

A flaw was found in the URI ruby gem package, where userinfo leakage can occur in the uri gem. The methods URI#join, URI#merge, and URI#+ retained userinfo, such as user:password, even after the host is replaced. When generating a URL to a malicious host from a URL containing secret userinfo using...

CVSS 5.3, AI score 5.8, EPSS 0.00156
Exploits: 0, References: 6

RedHat Linux
added 2025/04/23 10:34 a.m., 1 view

uri: userinfo leakage in URI#join, URI#merge and URI#+

A flaw was found in the URI ruby gem package, where userinfo leakage can occur in the uri gem. The methods URI#join, URI#merge, and URI#+ retained userinfo, such as user:password, even after the host is replaced. When generating a URL to a malicious host from a URL containing secret userinfo using...

CVSS 5.3, AI score 5.8, EPSS 0.00156
Exploits: 0, References: 6

OSV
added 2025/03/04 12:15 a.m., 0 views

UBUNTU-CVE-2025-27221

In the URI gem before 1.0.3 for Ruby, the URI handling methods URI.join, URI#merge, URI#+ have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host...

CVSS 5.3, AI score 6.6, EPSS 0.00156
Exploits: 0, References: 6

Snyk
added 2025/03/03 10:7 p.m., 1 view

Improper Removal of Sensitive Information Before Storage or Transfer

Overview: Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer via the URI#join, URI#merge, and URI#+ methods, which may expose stored credentials from userinfo, after the host is replaced. An attacker can cause a URL to a malicious...

CVSS 5.3, AI score 6.6, EPSS 0.00156
Exploits: 0, References: 2

OSV
added 2024/10/08 4:15 a.m., 2 views

CVE-2024-45282

Fields which are in 'read only' state in Bank Statement Draft in Manage Bank Statements application, could be modified by MERGE method. The property of an OData entity representing assumably immutable method is not protected against external modifications leading to integrity violations...

CVSS 5.3, AI score 5.8, EPSS 0.00265
Exploits: 0, References: 2

CNNVD
added 2024/10/08 12:0 a.m., 1 view

SAP S/4 HANA security vulnerability

SAP S/4 HANA is an intelligent, integrated ERP software for large enterprises from SAP. A security vulnerability exists in SAP S/4 HANA, which stems from a field in the "read only" state that can be modified via the MERGE method...

CVSS 5.3, AI score 6.7, EPSS 0.00265
Exploits: 0, References: 4

Positive Technologies
added 2024/10/07 12:0 a.m., 3 views

PT-2024-7173 · Sap · Sap S/4Hana

Name of the Vulnerable Software and Affected Versions: SAP S/4HANA (affected versions not specified). Description: The issue is related to the Manage Bank Statement Handler component of the SAP S/4HANA platform. It is caused by the lack of a mechanism to prevent unintended changes to resources when...

CVSS 5.3, AI score 6.8, EPSS 0.00265
Exploits: 0, References: 9

Github Security Blog
added 2021/05/07 4:28 p.m., 58 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes in utilitify

utilitify prior to 1.0.3 allows modification of object properties. The merge method could be tricked into adding or modifying properties of the Object.prototype...

CVSS 8.8, AI score 3.9, EPSS 0.0039
Exploits: 1, References: 4, Affected Software: 1

NVD
added 2020/03/11 11:15 p.m., 6 views

CVE-2019-10808

utilitify prior to 1.0.3 allows modification of object properties. The merge method could be tricked into adding or modifying properties of the Object.prototype...

CVSS 8.8, AI score 8.6, EPSS 0.0039
Exploits: 1, References: 2

OSV
added 2020/03/11 11:15 p.m., 1 view

CVE-2019-10808

utilitify prior to 1.0.3 allows modification of object properties. The merge method could be tricked into adding or modifying properties of the Object.prototype...

CVSS 8.8, AI score 7.3
Exploits: 0, References: 2

CVE
added 2020/03/11 10:5 p.m., 82 views

CVE-2019-10808

CVE-2019-10808 affects utilitify prior to 1.0.3. The merge function can facilitate prototype pollution by adding or modifying properties on Object.prototype, enabling attackers to tamper with object hierarchies. This is documented across multiple sources (GHSA/Snyk and vendor advisories). remedia...

CVSS 8.8, AI score 8.6, EPSS 0.0039
Exploits: 1, References: 2, Affected Software: 1

myhack58
added 2012/02/05 12:0 a.m., 50 views

IIS7. 0 website, the exploit and the Fix-vulnerability warning-the black bar safety net

To the currently popular PHP as an example: To merge a PHP word pictures of horses, the combined method: ① , DOS merge: copy 1.gif /b + 1. txt/a php.gif ② , With edjpgcom, make picture and word Trojan of the merger, remark Code of? php eval$POSTmeckun;?& gt; Pictures just to find one...

AI score 0.8
Exploits: 0