Lucene search
K

123 matches found

NVD
NVD
added 2022/07/14 3:15 p.m.26 views

CVE-2022-32215

The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling HRS...

6.5CVSS0.68796EPSS
Exploits1References7
Prion
Prion
added 2022/07/14 3:15 p.m.28 views

Design/Logic Flaw

The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling HRS...

6.4CVSS6.9AI score0.68796EPSS
Exploits1References7Affected Software6
UbuntuCve
UbuntuCve
added 2022/07/14 3:15 p.m.42 views

CVE-2022-32215

The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling HRS...

6.5CVSS6.8AI score0.68796EPSS
Exploits1References5
Debian CVE
Debian CVE
added 2022/07/14 12:0 a.m.25 views

CVE-2022-32215

The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling HRS...

6.5CVSS7AI score0.68796EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2022/07/08 7:17 p.m.46 views

CVE-2022-32215

A vulnerability was found in NodeJS due to the llhttp parser in the HTTP module incorrectly handling multi-line Transfer-Encoding headers. This issue can lead to HTTP Request Smuggling HRS. This flaw allows a remote attacker to send a specially crafted HTTP request to the server and smuggle...

6.5CVSS3.4AI score0.68796EPSS
Exploits1References4
Hacker One
Hacker One
added 2022/07/08 3:41 a.m.81 views

Internet Bug Bounty: CVE-2022-32215 - HTTP Request Smuggling Due to Incorrect Parsing of Multi-line Transfer-Encoding

Original Report: https://hackerone.com/reports/1501679 Impact Depending on the specific web application, HRS can lead to cache poisoning, bypassing of security layers, stealing of credentials and so on...

6.4CVSS7.3AI score0.68796EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2022/06/15 11:22 a.m.6 views

gzip: arbitrary-file-write vulnerability

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation...

8.8CVSS7.2AI score0.04271EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/06/13 9:38 a.m.4 views

gzip: arbitrary-file-write vulnerability

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation...

8.8CVSS7.2AI score0.04271EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/06/13 9:24 a.m.9 views

gzip: arbitrary-file-write vulnerability

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation...

8.8CVSS7.2AI score0.04271EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/06/13 9:22 a.m.5 views

gzip: arbitrary-file-write vulnerability

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation...

8.8CVSS7.2AI score0.04271EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/06/13 7:47 a.m.9 views

gzip: arbitrary-file-write vulnerability

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation...

8.8CVSS7.2AI score0.04271EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/06/08 9:39 a.m.12 views

gzip: arbitrary-file-write vulnerability

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation...

8.8CVSS7.2AI score0.04271EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/06/03 1:51 p.m.4 views

gzip: arbitrary-file-write vulnerability

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation...

8.8CVSS7.2AI score0.04271EPSS
Exploits0References4
OSV
OSV
added 2022/05/24 7:1 p.m.50 views

GHSA-4MGV-M5CM-F9H7 Vault GitHub Action did not correctly mask multi-line secrets in output

HashiCorp vault-action aka Vault GitHub Action before 2.2.0 allows attackers to obtain sensitive information from log files because a multi-line secret was not correctly registered with GitHub Actions for log masking. The vault-action implementation did not correctly handle the marking of...

7.5CVSS7.3AI score0.0188EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2022/05/17 11:41 p.m.5 views

gzip: arbitrary-file-write vulnerability

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation...

8.8CVSS7.2AI score0.04271EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/05/11 7:29 p.m.7 views

gzip: arbitrary-file-write vulnerability

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation...

8.8CVSS7.2AI score0.04271EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/05/03 7:11 a.m.8 views

gzip: arbitrary-file-write vulnerability

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation...

8.8CVSS7.2AI score0.04271EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/04/26 7:49 p.m.6 views

gzip: arbitrary-file-write vulnerability

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation...

8.8CVSS7.2AI score0.04271EPSS
Exploits0References4
Hacker One
Hacker One
added 2022/03/06 3:45 a.m.212 views

Node.js: HTTP Request Smuggling Due to Incorrect Parsing of Multi-line Transfer-Encoding

Summary: The llhttp parser in the http module in Node v17.6.0 does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling HRS. Description: When Node receives the following request: http GET / HTTP/1.1 Transfer-Encoding: chunked , identity 1 a 0 it...

6.4CVSS7.5AI score0.68796EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2021/09/23 11:16 p.m.56 views

Improper Input Validation and Command Injection in Ansible

A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters...

7.1CVSS7.1AI score0.00854EPSS
Exploits0References9Affected Software1
Rows per page
Query Builder