12 matches found
CVE-2026-49098
Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Apache Camel Kafka Component. The camel-kafka producer can override its configured target topic at runtime from the kafka.OVERRIDETOPIC Exchange header:...
CVE-2026-42551
Flight is an extensible micro-framework for PHP. Prior to 3.18.1, Request::getMethod unconditionally honors the X-HTTP-Method-Override header and the $REQUEST'method' parameter on any HTTP verb including safe verbs such as GET, with no opt-in and no whitelist of permitted target methods. A GET...
CVE-2026-42551
Flight is an extensible micro-framework for PHP. Prior to 3.18.1, Request::getMethod unconditionally honors the X-HTTP-Method-Override header and the $REQUEST'method' parameter on any HTTP verb including safe verbs such as GET, with no opt-in and no whitelist of permitted target methods. A GET...
CVE-2026-42551
Flight is an extensible micro-framework for PHP. Prior to 3.18.1, Request::getMethod unconditionally honors the X-HTTP-Method-Override header and the $REQUEST'method' parameter on any HTTP verb including safe verbs such as GET, with no opt-in and no whitelist of permitted target methods. A GET...
Flight 安全漏洞
Flight is a PHP microframework developed by Mike Cao. Versions of Flight prior to 3.18.1 contained security vulnerabilities. These vulnerabilities stemmed from the unconditional acceptance of the X-HTTP-Method-Override header and the$REQUESTmethod parameter by the Request::getMethod method. This...
Flight: HTTP method override enabled by default, facilitating CSRF escalation and middleware bypass
Summary Request::getMethod unconditionally honors the X-HTTP-Method-Override header and the $REQUEST'method' parameter on any HTTP verb including safe verbs such as GET, with no opt-in and no whitelist of permitted target methods. A GET request can silently become a DELETE or PUT, enabling CSRF...
Linux Distros Unpatched Vulnerability : CVE-2019-10913
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, HTTP Methods provided as verbs or using the overrid...
Improper Preservation of Consistency Between Independent Representations of Shared State
Overview johnpbloch/wordpress-core is a web software you can use to create a website or blog. Affected versions of this package are vulnerable to Improper Preservation of Consistency Between Independent Representations of Shared State due to the improper handling of the X-HTTP-Method-Override...
PT-2023-23000
Name of the Vulnerable Software and Affected Versions ESPv2 versions 2.20.0 through 2.42.0 Description The issue allows API clients to bypass JWT authentication by crafting a malicious X-HTTP-Method-Override header value under specific conditions. This occurs when the requested HTTP method is not...
SilverStripe Environment Issues Vulnerabilities
SilverStripe is New Zealand SilverStripe company's set of open source programming framework and content management system CMS. The system has support for multiple languages , cross-platform and other features . A security vulnerability exists in Silverstripe 4.4.4 and previous versions. An attack...
UBUNTU-CVE-2019-10913
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, HTTP Methods provided as verbs or using the override header may be treated as trusted input, but they are not validated, possibly causing SQL injection or XSS. This is related to...
CVE-2017-16136
method-override is a module used by the Express.js framework to let you use HTTP verbs such as PUT or DELETE in places where the client doesn't support it. method-override is vulnerable to a regular expression denial of service vulnerability when specially crafted input is passed in to be parsed...