EUVD-2022-2298
Malicious code in bioql PyPI...
Uncontrolled Resource Consumption in Hawk
Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, and optionally the request payload. Hawk used a regular expression to parse Host HTTP...
OESA-2022-1667 nodejs-hawk security update
Hawk is an HTTP authentication scheme that uses a message authentication code (MAC) algorithm to provide partial cryptographic verification of HTTP requests. Security Fixes: Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic...
Regular Expression Denial Of Service (ReDoS)
hawk is vulnerable to regular expression denial of service (ReDoS) attacks. An attacker can increase the matching time exponentially by sending a Host header containing a very large number of characters, which the Hawk.utils.parseHost function processes with a backtracking regular expression, slowing the application down and causing denial of service conditions...
CVE-2022-29167
Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, and optionally the request payload. Hawk used a regular expression to parse Host HTTP...
Cross site request forgery (csrf) (category as listed by the source; the entry below describes the Host header ReDoS issue, not CSRF)
Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, and optionally the request payload. Hawk used a regular expression to parse Host HTTP...
CVE-2022-29167 ReDoS vulnerability in header parsing in hawk
Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, and optionally the request payload. Hawk used a regular expression to parse Host HTTP...
CVE-2022-29167
CVE-2022-29167 concerns Hawk's Host header parsing: Hawk.utils.parseHost() used a regular expression that enabled a regular expression denial of service (ReDoS) attack. Because the header is attacker-controlled and the matching cost grows steeply with its length, a single request carrying a long crafted Host value can tie up the server. A patch in Hawk 9.0.1 switches to the built-in URL class to parse...
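The following example is added here and is not Hawk's own code. It places a constructed, backtracking-prone Host header parser next to one built on the WHATWG URL class, which is the kind of replacement the 9.0.1 fix describes, and times both on a crafted non-matching input. RISKY_HOST_RE is an illustrative pattern, not the regex Hawk used; MAX_HOST_HEADER, the helper names and the sample inputs are assumptions made for this example.

```javascript
// Added example (not Hawk's code): a regex-based Host parser that is a ReDoS risk,
// beside a URL-class-based parser that runs in linear time.

// Constructed illustrative pattern (not Hawk's): the inner `[\w-]+` and the outer
// `(...)+` can split one run of letters in exponentially many ways, so an input such
// as "aaaa...a!" that can never match forces the engine to try every split first.
const RISKY_HOST_RE = /^(?:[\w-]+\.?)+(?::(\d+))?$/;

function parseHostWithRegex(host) {
  const m = RISKY_HOST_RE.exec(host);
  if (!m) return null;
  const idx = host.lastIndexOf(':');
  return { name: idx === -1 ? host : host.slice(0, idx), port: m[1] ? Number(m[1]) : 80 };
}

// Hardened parser: bound the input size, reject characters that can never appear in a
// bare host[:port], then let the URL class tokenise. Every step here is linear.
const MAX_HOST_HEADER = 255; // assumption for this example: longer headers are rejected outright

function parseHostWithURL(host, scheme = 'http') {
  if (typeof host !== 'string' || host.length === 0 || host.length > MAX_HOST_HEADER) return null;
  // Userinfo, path, query, fragment or whitespace would let a caller smuggle structure
  // past the URL parser; a Host value must be host[:port] only.
  if (/[\/?#@\s\\]/.test(host)) return null;
  let url;
  try {
    url = new URL(`${scheme}://${host}`); // throws on malformed hosts and out-of-range ports
  } catch {
    return null;
  }
  // Defensive re-check of what the URL parser produced.
  if (url.username || url.password || url.pathname !== '/' || url.search || url.hash) return null;
  const port = url.port ? Number(url.port) : (scheme === 'https' ? 443 : 80);
  return { name: url.hostname, port }; // hostname is lower-cased; IPv6 keeps its brackets
}

// Constructed attack input: n letters that the pattern can split many ways, followed by a
// character outside every class in the pattern so the overall match must fail.
function redosInput(n) {
  return 'a'.repeat(n) + '!';
}

// Wall-clock cost of one parse in milliseconds.
function timeParseMs(fn, input) {
  const t0 = process.hrtime.bigint();
  fn(input);
  return Number(process.hrtime.bigint() - t0) / 1e6;
}

// Stand-alone demo: each extra character roughly doubles the regex parser's time, while
// the URL-based parser stays flat. Kept small so it finishes in well under a second.
if (typeof require !== 'undefined' && require.main === module) {
  for (const n of [14, 18, 22]) {
    const re = timeParseMs(parseHostWithRegex, redosInput(n)).toFixed(2);
    const u = timeParseMs(parseHostWithURL, redosInput(n)).toFixed(3);
    console.log(`n=${n}  regex=${re} ms  url=${u} ms`);
  }
  console.log(parseHostWithURL('example.com:8080'));
}
```

Two caveats for a Hawk-style server. First, the MAC covers host and port, so the value the server parses must be exactly what the client signed; the URL class lower-cases the hostname and may convert internationalised names, which is fine as long as both sides normalise the same way. Second, the URL class accepts some characters a stricter hostname grammar would reject, so the length bound and the character pre-check above are what keep the parser from becoming the next oracle for malformed input rather than the regex.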