Lucene search

1277 matches found

Vulnrichment
added 2025/01/10 12:00 a.m., 6 views

CVE-2024-57823

In Raptor RDF Syntax Library through 2.0.16, there is an integer underflow when normalizing a URI with the turtle parser in raptor_uri_normalize_path...

CVSS 9.3, AI score 7.1, EPSS 0.0004
Exploits: 1, References: 3
CVE
added 2025/01/10 12:00 a.m., 134 views

CVE-2024-57823

CVE-2024-57823 affects the Raptor RDF Syntax Library up to version 2.0.16, with an integer underflow when normalizing a URI in the turtle parser (raptor_uri_normalize_path). Connected advisories/plug-ins confirm impact on raptor2 across multiple vendor releases and indicate fixes in downstream se...

CVSS 9.3, AI score 7.1, EPSS 0.0004
Exploits: 1, References: 4, Affected Software: 1
Debian CVE
added 2025/01/10 12:00 a.m., 7 views

CVE-2024-57823

In Raptor RDF Syntax Library through 2.0.16, there is an integer underflow when normalizing a URI with the turtle parser in raptor_uri_normalize_path...

CVSS 9.3, AI score 8.2, EPSS 0.0004
Exploits: 1
Positive Technologies
added 2025/01/10 12:00 a.m., 1 views

PT-2025-3589

Name of the Vulnerable Software and Affected Versions: Raptor RDF Syntax Library versions 2.0.0 through 2.0.16. Description: The issue is related to an integer underflow when normalizing a URI with the turtle parser in the raptor_uri_normalize_path function. This problem occurs in the Raptor RDF...

CVSS 9.3, AI score 6.9, EPSS 0.00471
Exploits: 2, References: 81
Veracode
added 2025/01/06 7:15 a.m., 6 views

Directory Traversal

Spatie/browsershot is vulnerable to Directory Traversal. The vulnerability is due to URI normalization in the browser, where the check for file:// can be bypassed using file:\ instead, which allows the attacker to manipulate the path and access files outside the intended directory...

CVSS 8.7, AI score 7, EPSS 0.0007
Exploits: 0, References: 5, Affected Software: 1
OSV
added 2024/12/26 4:15 p.m., 3 views

CVE-2024-12908

Delinea addressed a reported case on Secret Server v11.7.31 protocol handler version 6.0.3.26 where, within the protocol handler function, URIs were compared before normalization and canonicalization, potentially leading to over-matching against the approved list. If this attack were successfull...

CVSS 8.3, AI score 5.8, EPSS 0.0033
Exploits: 1, References: 3
Cvelist
added 2024/12/26 3:45 p.m., 13 views

CVE-2024-12908

Delinea addressed a reported case on Secret Server v11.7.31 protocol handler version 6.0.3.26 where, within the protocol handler function, URIs were compared before normalization and canonicalization, potentially leading to over-matching against the approved list. If this attack were successfull...

CVSS 6.9, EPSS 0.0033
Exploits: 1, References: 3
CNNVD
added 2024/12/26 12:00 a.m., 2 views

Delinea Secret Server security vulnerability

Delinea Secret Server is a privileged access management (PAM) product from Delinea (USA) that can run in the cloud or on premises. A security vulnerability exists in Delinea Secret Server version v11.7.31, which stems from a comparison of URIs before normalization and canonicalization in a protocol handler function, which may result in an...

CVSS 8.3, AI score 6.7, EPSS 0.0033
Exploits: 1, References: 3
CVE
added 2024/12/18 6:06 a.m., 55 views

CVE-2024-21547

CVE-2024-21547 affects the PHP package spatie/browsershot prior to 5.0.2. The vulnerability is a Directory Traversal flaw caused by URI normalization in the browser, where the file:// check can be bypassed using file:\, allowing an attacker to read arbitrary server files by exploiting normaliz...

CVSS 8.7, AI score 7.6, EPSS 0.0007
Exploits: 0, References: 3
Vulnrichment
added 2024/12/18 6:06 a.m., 9 views

CVE-2024-21547

Versions of the package spatie/browsershot before 5.0.2 are vulnerable to Directory Traversal due to URI normalisation in the browser where the file:// check can be bypassed with file:\. An attacker could read any file on the server by exploiting the normalization of \ into /...

CVSS 8.7, AI score 6.7, EPSS 0.0007
Exploits: 0, References: 3
RedHat Linux
added 2024/11/21 9:34 a.m., 3 views

webob: WebOb's location header normalization during redirect leads to open redirect

A vulnerability was found in the WebOb package. WebOb normalizes the HTTP Location header using urlparse and urljoin. If the URL starts with //, urlparse treats the following part as the hostname, and replaces the original request's hostname. This issue, combined with user interaction, may become...

CVSS 6.1, AI score 5.7, EPSS 0.00263
Exploits: 1, References: 7
RedHat Linux
added 2024/11/21 9:29 a.m., 3 views

webob: WebOb's location header normalization during redirect leads to open redirect

A vulnerability was found in the WebOb package. WebOb normalizes the HTTP Location header using urlparse and urljoin. If the URL starts with //, urlparse treats the following part as the hostname, and replaces the original request's hostname. This issue, combined with user interaction, may become...

CVSS 6.1, AI score 5.7, EPSS 0.00263
Exploits: 1, References: 7
NVD
added 2024/11/13 6:15 p.m., 21 views

CVE-2024-43093

In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect Unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User...

CVSS 7.3, EPSS 0.00138
Exploits: 0, References: 3
OSV
added 2024/11/13 6:15 p.m., 1 views

CVE-2024-43093

In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect Unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User...

CVSS 7.3, AI score 5.9, EPSS 0.00138
Exploits: 0, References: 3
Vulnrichment
added 2024/11/13 5:25 p.m., 17 views

CVE-2024-43093

In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect Unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User...

AI score 6.9, EPSS 0.00138
Exploits: 0, References: 2
CVE
added 2024/11/13 5:25 p.m., 283 views

CVE-2024-43093

CVE-2024-43093 affects the Android Framework component ExternalStorageProvider.java, where a bypass of a file-path filter can occur due to incorrect Unicode normalization. The root issue can allow local escalation of privilege without extra execution privileges, with exploitation requiring user i...

CVSS 7.3, AI score 7.4, EPSS 0.00138
In the wild; Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2024/11/13 5:25 p.m., 32 views

CVE-2024-43093

In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect Unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User...

EPSS 0.00138
Exploits: 0, References: 2
Vulnrichment
added 2024/11/13 4:04 p.m., 25 views

CVE-2024-52293 Craft has a Potential Remote Code Execution via missing path normalization & Twig SSTI

Craft is a content management system (CMS). Prior to 4.12.2 and 5.4.3, Craft is missing normalizePath in the function FileHelper::absolutePath, which could lead to Remote Code Execution on the server via Twig SSTI. This is a sequel to CVE-2023-40035. This vulnerability is fixed in 4.12.2 and 5.4.3...

CVSS 7.2, AI score 7.1, EPSS 0.21994
Exploits: 1, References: 2
Cvelist
added 2024/11/13 4:04 p.m., 23 views

CVE-2024-52293 Craft has a Potential Remote Code Execution via missing path normalization & Twig SSTI

Craft is a content management system (CMS). Prior to 4.12.2 and 5.4.3, Craft is missing normalizePath in the function FileHelper::absolutePath, which could lead to Remote Code Execution on the server via Twig SSTI. This is a sequel to CVE-2023-40035. This vulnerability is fixed in 4.12.2 and 5.4.3...

CVSS 7.2, EPSS 0.21994
Exploits: 1, References: 2
Snyk
added 2024/11/13 2:16 p.m., 1 views

Arbitrary Code Injection

Overview: craftcms/cms is a content management system. Affected versions of this package are vulnerable to Arbitrary Code Injection via the absolutePath function, due to missing path normalization, by executing a Twig SSTI template. Remediation: Upgrade craftcms/cms to version 4.12.2, 5.4.3 or...

CVSS 8.6, AI score 7.3, EPSS 0.21994
Exploits: 1, References: 2