633 matches found
HTTP Request Smuggling
Overview @nuxt/nitro-server is a Nitro server integration for Nuxt Affected versions of this package are vulnerable to HTTP Request Smuggling via the nuxtisland endpoint when responses are not properly bound to request props, allowing shared-cache poisoning. An attacker can cause users to receive...
@geode/opengeodeweb-front (>=9.13.1 <=10.0.2-rc.4), nuxt (>=3.20.0 <=3.21.5) potentially affected by CVE-2026-46342 via @nuxt/nitro-server (>=3.20.0 <=3.21.5)
@nuxt/nitro-server NPM version =3.20.0, =9.13.1, =3.20.0, =3.21.5 Source cves: CVE-2026-46342 Source advisory: OSV:GHSA-G8WJ-3CR3-6W7V...
CVE-2026-44373
Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could bypass a proxy route rule by sending percent-encoded path traversal ..%2f in the URL, causing Nitro to forward a request that the upstream resolved outside the configured scope. This vulnerability is fixed in...
CVE-2026-44372
Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could turn a redirect route rule using wildcards rewrite into a cross-host redirect by sliding an extra slash in after the rule prefix. This vulnerability is fixed in 3.0.260429-beta...
CVE-2026-44372 Nitro: Open Redirect via Protocol-Relative URL Bypass in Wildcard Route Rules
Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could turn a redirect route rule using wildcards rewrite into a cross-host redirect by sliding an extra slash in after the rule prefix. This vulnerability is fixed in 3.0.260429-beta...
CVE-2026-44372 Nitro: Open Redirect via Protocol-Relative URL Bypass in Wildcard Route Rules
Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could turn a redirect route rule using wildcards rewrite into a cross-host redirect by sliding an extra slash in after the rule prefix. This vulnerability is fixed in 3.0.260429-beta...
CVE-2026-44372
Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could turn a redirect route rule using wildcards rewrite into a cross-host redirect by sliding an extra slash in after the rule prefix. This vulnerability is fixed in 3.0.260429-beta...
CVE-2026-44372
CVE-2026-44372 affects Nitro, a server toolkit, with an Open Redirect via a protocol-relative URL bypass in wildcard route rules. Before the patch, a redirect rule using a wildcard could be manipulated to redirect cross-host by sliding an extra slash after the rule prefix. The issue is fixed in N...
CVE-2026-44373
Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could bypass a proxy route rule by sending percent-encoded path traversal ..%2f in the URL, causing Nitro to forward a request that the upstream resolved outside the configured scope. This vulnerability is fixed in...
CVE-2026-44373
The CVE-2026-44373 issue affects Nitro (server toolkit) where an attacker could bypass a proxy route rule by sending a percent-encoded path traversal (..%2f) in the URL, causing Nitro to forward a request outside the configured scope. The vulnerability is tied to Nitro’s routeRules proxy handling...
CVE-2026-44373 Nitro: Proxy scope bypass via percent-encoded path traversal in `routeRules`
Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could bypass a proxy route rule by sending percent-encoded path traversal ..%2f in the URL, causing Nitro to forward a request that the upstream resolved outside the configured scope. This vulnerability is fixed in...
CVE-2026-44373 Nitro: Proxy scope bypass via percent-encoded path traversal in `routeRules`
Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could bypass a proxy route rule by sending percent-encoded path traversal ..%2f in the URL, causing Nitro to forward a request that the upstream resolved outside the configured scope. This vulnerability is fixed in...
Nitro 路径遍历漏洞
Nitro is an open-source, zero-configurable production-level server extension tool developed by Nitro. Versions prior to Nitro 3.0.260429-beta contained a path traversal vulnerability. This vulnerability allowed attackers to send percent-encoded paths in URLs, causing Nitro to redirect requests to...
Nitro 输入验证错误漏洞
Nitro is an open-source, zero-configurable production-level server extension tool developed by Nitro. Versions prior to Nitro 3.0.260429-beta contained a vulnerability related to input validation errors. This vulnerability allowed attackers to convert wildcarded redirect rules into cross-host...
MAL-2026-3464 Malicious code in @tanstack/nitro-v2-vite-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f689866f0ed8e6cf47200b7bf613dd377c407e21d5ed6b2a0caf5252e822d8ff Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @tanstack/nitro-v2-vite-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f689866f0ed8e6cf47200b7bf613dd377c407e21d5ed6b2a0caf5252e822d8ff Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
@analogjs/platform (>=0.1.0-beta.15 <=0.2.0-beta.13), @analogjs/vite-plugin-nitro (>=0.2.0-beta.2 <=0.2.0-beta.13) +55 more potentially affected by CVE-2026-44372 via nitropack (>=0.2.11 <=2.13.1)
nitropack NPM version =0.2.11, =0.1.0-beta.15, =0.2.0-beta.2, =1.6.0, =0.5.0, =0.6.1, =1.0.0, =5.0.0-rc.108, =5.0.0-rc.108, =1.0.0, =1.0.0, =0.13.0, =0.7.2, =0.7.3, =0.9.1, =0.13.1, =0.15.0 and more Source cves: CVE-2026-44372 Source advisory: OSV:GHSA-9PHM-9P8F-HW5M...
NPM: Nitro has an Open Redirect via Protocol-Relative URL Bypass in Wildcard Route Rules
NPM: Nitro has an Open Redirect via Protocol-Relative URL Bypass in Wildcard Route Rules vulnerability discovered by ? in WordPress Npm nitro versions 3.0.260429-beta...
Open Redirect
Overview nitro is a Build and Deploy Universal JavaScript Servers Affected versions of this package are vulnerable to Open Redirect via the routeRules function. An attacker can redirect users to arbitrary external sites by crafting URLs with double slashes after the route prefix, causing browsers...
NPM: Nitro has an Open Redirect via Protocol-Relative URL Bypass in Wildcard Route Rules
NPM: Nitro has an Open Redirect via Protocol-Relative URL Bypass in Wildcard Route Rules vulnerability discovered by ? in WordPress Npm nitropack versions 2.13.4...