10 matches found
EUVD-2023-31254
Malicious code in bioql PyPI...
CVE-2025-47910
When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections...
CVE-2025-47910
CVE-2025-47910 — Normal (detailed) The connected sources confirm a vulnerability in Go’s net/http CrossOriginProtection: the AddInsecureBypassPattern can bypass more requests than intended, causing CrossOriginProtection to skip validation while forwarding the original request path. This may allow...
CVE-2025-47910
When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections...
SUSE CVE-2025-47910
When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections...
ext4: update orig_path in ext4_find_extent()
...
Important: ecs-service-connect-agent
Issue Overview: Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the client may bypass JSON Web Token JWT checks and forge fake original paths. The header x-envoy-original-path should be an interna...
The vulnerability of the Envoy proxy server, related to insufficient validation of input data, allows attackers to bypass authentication procedures and gain unauthorized access to protected information.
The vulnerability of the Envoy proxy server is related to insufficient validation of input data during the processing of the x-envoy-original-path header. Exploiting this vulnerability allows a malicious actor to bypass authentication using a JSON Web Token JWT and gain unauthorized access to...
CVE-2023-27487 Envoy client may fake the header `x-envoy-original-path`
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the client may bypass JSON Web Token JWT checks and forge fake original paths. The header x-envoy-original-path should be an internal header, but...
PT-2023-2250 · Envoy · Envoy
Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.26.0 Envoy versions prior to 1.25.3 Envoy versions prior to 1.24.4 Envoy versions prior to 1.23.6 Envoy versions prior to 1.22.9 Description: The issue is related to insufficient input validation when processing the...