PT-2026-49064
Name of the Vulnerable Software and Affected Versions: File Browser versions prior to 2.63.6. Description: Public share handlers rebase the share owner's filesystem root to the shared directory and evaluate descendant paths against global and per-user rules using the rebased relative path instead of...
GHSA-GX7W-56W6-G48X Caddy: Remote Admin Authorization Bypass on PKI Endpoints via Prefix-Based Path Matching
AI Disclosure: I used an LLM to help review the source code, reason about attack surface, and help draft and refine this report. I manually validated the finding by reproducing it locally, confirming the vulnerable code path, and verifying the HTTP behavior with curl -v. Summary: Caddy's remote adm...
@fastify/middie security vulnerabilities
@fastify/middie is an open-source middleware engine developed by Fastify. Versions of @fastify/middie prior to 9.1.0 contained security vulnerabilities. These vulnerabilities were due to improper path prefix matching, which could allow the middleware to bypass security checks...