GHSA-43JV-5J4X-QV67 Heimdall: Case-sensitive handling of URL-encoded slashes may lead to inconsistent path interpretation

Summary Heimdall handles URL-encoded slashes %2F in a case-sensitive manner, while percent-encoding is defined to be case-insensitive. As a result, the lowercase equivalent %2f is not recognized and therefore not processed as expected when allowencodedslashes is set to off the default setting. Th...

opa-envoy-plugin 安全漏洞

opa-envoy-plugin is a plugin developed by Open Policy Agent. Versions of opa-envoy-plugin prior to 1.13.2-envoy-2 contained security vulnerabilities. These vulnerabilities stemmed from defects in the way the input.parsedpath field was constructed, which could lead to mismatches in path...

EUVD-2021-0686

Malware in sbrugna...

HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server.

...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Imagemagick

auto-cve-2022-44268 Automating expl...

CVE-2021-27515

url-parse before 1.5.0 mishandles certain uses of backslash such as http:/ and interprets the URI as a relative path...

URI.js Security Vulnerability

Medialize URI.js is a Javascript-based code library from the Medialize team that can be used to efficiently splice URLs. A security vulnerability exists in URI.js before 1.19.6 that stems from incorrect handling of certain uses of backslashes e.g., http: / and interpreting URIs as relative paths...