Server-Side Request Forgery (SSRF)

In Apache Dubbo prior to 2.6.9 and 2.7.9, the usage of parseURL method will lead to the bypass of white host check which can cause open redirect or SSRF vulnerability...

Improper Input Validation

url-js is vulnerable to improper input validation. The vulnerability exists in parseUrl function in parseUrl.js because the inputs are not parsed properly which allows an attacker to perform host name spoofing...

Open Redirect in node-forge

parseUrl functionality in node-forge mishandles certain uses of backslash such as https:///\ and interprets the URI as a relative path...

GHSA-8FR3-HFG3-GPGP Open Redirect in node-forge

parseUrl functionality in node-forge mishandles certain uses of backslash such as https:///\ and interprets the URI as a relative path...

Server-Side Request Forgery (SSRF)

node-forge is vulnerable to server-side request forgery. The vulnerability exists in parseUrl because certain relative paths are mishandled when validating, which allows the bypass of the URL redirection validation...

OSV-2021-1793 Heap-buffer-overflow in seturl

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43160 Crash type: Heap-buffer-overflow READ Crash state: seturl parseurl curlurlset...

OSV-2021-1758 Heap-buffer-overflow in seturl

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42892 Crash type: Heap-buffer-overflow READ Crash state: seturl parseurl curlurlset...

OSV-2021-1747 Heap-buffer-overflow in seturl

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42808 Crash type: Heap-buffer-overflow READ 16 Crash state: seturl parseurl curlurlset...

OSV-2021-1730 Heap-buffer-overflow in seturl

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42708 Crash type: Heap-buffer-overflow READ Crash state: seturl parseurl curlurlset...

CVE-2021-25640

In Apache Dubbo prior to 2.6.9 and 2.7.9, the usage of parseURL method will lead to the bypass of white host check which can cause open redirect or SSRF vulnerability...

CVE-2021-25640

In Apache Dubbo prior to 2.6.9 and 2.7.9, the usage of parseURL method will lead to the bypass of white host check which can cause open redirect or SSRF vulnerability...

Server side request forgery (ssrf)

In Apache Dubbo prior to 2.6.9 and 2.7.9, the usage of parseURL method will lead to the bypass of white host check which can cause open redirect or SSRF vulnerability...

Apache Dubbo 代码问题漏洞

Apache Dubbo is the United States Apache Apache Foundation of a lightweight Java-based RPC Remote Procedure Call framework. The product provides interface-based remote calling , fault tolerance and load balancing and automatic service registration and discovery. A security vulnerability exists in...

CVE-2021-25640

CVE-2021-25640 affects Apache Dubbo prior to versions 2.6.12 and 2.7.15, where the parseURL method can bypass white-host checks, enabling open redirect or SSRF. Impacted components and exact root cause are described across multiple sources; exploitation status is not detailed here. Remediation is...

curl:curl_fuzzer_http: Heap-use-after-free in seturl

Project: https://github.com/curl/curl.git Detailed Report: https://oss-fuzz.com/testcase?key=5168359280214016 Project: curl Fuzzing Engine: libFuzzer Fuzz Target: curlfuzzerhttp Job Type: libfuzzerasancurl Platform Id: linux Crash Type: Heap-use-after-free READ 1 Crash Address: 0x60300002cfbb Cra...