Lucene search
+L

6 matches found

nvd
nvd
added 2026/05/08 4:16 a.m.21 views

CVE-2026-42274

Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall performs rule matching on the raw non-normalized request path, while downstream components may normalize dot-segments according to RFC 3986, Section 6.2.2.3. This discrepancy ca...

7.8CVSS0.00368EPSS
Exploits0References4
attackerkb
attackerkb
added 2026/05/08 3:43 a.m.7 views

CVE-2026-42274

Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall performs rule matching on the raw non-normalized request path, while downstream components may normalize dot-segments according to RFC 3986, Section 6.2.2.3. This discrepancy ca...

7.8CVSS5.7AI score0.00368EPSS
Exploits0References5Affected Software1
cve
cve
added 2026/05/08 3:43 a.m.24 views

CVE-2026-42274

CVE-2026-42274 affects Heimdall (cloud-native Identity Aware Proxy and Access Control Decision service). Before v0.17.14, it matches rules on raw, non-normalized request paths while downstream components normalize dot-segments per RFC 3986, potentially authorizing requests whose normalized path d...

7.8CVSS5.7AI score0.00368EPSS
Exploits0References4
cnnvd
cnnvd
added 2025/10/28 12:0 a.m.6 views

Red Hat build of Keycloak 代码问题漏洞

Red Hat build of Keycloak is a web application for single sign-on from Red Hat USA. A code issue vulnerability exists in the Red Hat build of Keycloak, which stems from a proxy misconfiguration that could result in accessing the /admin path via a non-normalized path...

3.7CVSS6.6AI score0.00386EPSS
Exploits0References3
euvd
euvd
added 2025/10/03 8:7 p.m.9 views

EUVD-2022-2065

Malicious code in bioql PyPI...

10CVSS7.7AI score0.03732EPSS
Exploits1References10
veracode
veracode
added 2019/05/16 3:58 a.m.25 views

Access Control Bypass

Envoy is vulnerable to access control bypass attacks. This is because it does not normalize HTTP URL paths. A remote attacker could craft a relative path and could interpret the non-normalized path, that provide an attacker to access beyond the scope provided by the access control policy...

10CVSS9.1AI score0.0268EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder