Lucene search
K

76 matches found

Snyk
Snyk
added 2025/04/21 3:40 p.m.2 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal when routing requests to a backend using a PathPrefix, Path, or PathRegex matcher. An attacker can bypass the middleware chain to access backend services by including traversal sequences like /../ in a request. Detai...

9.3CVSS7.7AI score0.00768EPSS
Exploits0References2
Snyk
Snyk
added 2025/04/21 3:40 p.m.2 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal when routing requests to a backend using a PathPrefix, Path, or PathRegex matcher. An attacker can bypass the middleware chain to access backend services by including traversal sequences like /../ in a request. Detai...

9.3CVSS7.7AI score0.00768EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/04/21 12:0 a.m.5 views

Traefik 路径遍历漏洞

Traefik is an open source reverse proxy and load balancing tool from Traefik Open Source. Traefik suffers from a path traversal vulnerability that stems from the fact that when managing requests using a PathPrefix, Path, or PathRegex matcher, it is possible to bypass the middleware chain by using...

9.3CVSS3.9AI score0.00768EPSS
Exploits0References5
OSV
OSV
added 2025/01/10 7:16 p.m.7 views

BIT-NODE-2024-37372

The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases...

3.6CVSS5.3AI score0.00477EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/08/05 7:49 p.m.27 views

Nuxt Icon affected by a Server-Side Request Forgery (SSRF)

Summary nuxt/icon provides an API to allow client side icon lookup. This endpoint is at /api/nuxticon/name. The proxied request path is improperly parsed, allowing an attacker to change the scheme and host of the request. This leads to SSRF, and could potentially lead to sensitive data exposure...

8.6CVSS8.4AI score0.00648EPSS
Exploits0References4Affected Software1
Amazon
Amazon
added 2024/01/09 12:0 a.m.3 views

Medium: golang

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

7.5CVSS6.8AI score0.02758EPSS
Exploits0
OSV
OSV
added 2023/11/09 5:15 p.m.6 views

AZL-79034 CVE-2023-45283 affecting package golang 1.25.7-1

The filepath package does not recognize paths with a ??\ prefix as special. On Windows, a path beginning with ??\ is a Root Local Device path equivalent to a path beginning with \?. Paths with a ??\ prefix may be used to access arbitrary locations on the system. For example, the path ??\c:\x...

7.5CVSS6.8AI score0.02758EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/11/08 1:52 a.m.5 views

SUSE CVE-2023-45283

The filepath package does not recognize paths with a ??\ prefix as special. On Windows, a path beginning with ??\ is a Root Local Device path equivalent to a path beginning with \?. Paths with a ??\ prefix may be used to access arbitrary locations on the system. For example, the path ??\c:\x...

6.8CVSS7.4AI score0.02758EPSS
Exploits0References12
OSV
OSV
added 2023/08/01 12:0 a.m.45 views

ASB-A-264880895

In update of MmsProvider.java, there is a possible way to change directory permissions due to a path traversal error. This could lead to local denial of service of SIM recognition with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.4AI score0.00095EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/04/18 7:0 p.m.53 views

CVE-2022-24863 Denial of service in http-swagger

http-swagger is an open source wrapper to automatically generate RESTful API documentation with Swagger 2.0. In versions of http-swagger prior to 1.2.6 an attacker may perform a denial of service attack consisting of memory exhaustion on the host system. The cause of the memory exhaustion is down...

7.5CVSS7.6AI score0.02402EPSS
Exploits0References4
OSV
OSV
added 2022/04/18 7:0 p.m.38 views

CVE-2022-24863 Denial of service in http-swagger

http-swagger is an open source wrapper to automatically generate RESTful API documentation with Swagger 2.0. In versions of http-swagger prior to 1.2.6 an attacker may perform a denial of service attack consisting of memory exhaustion on the host system. The cause of the memory exhaustion is down...

7.5CVSS7.2AI score0.02402EPSS
Exploits1References6
CNNVD
CNNVD
added 2022/04/18 12:0 a.m.3 views

http-swagger 安全漏洞

http-swagger is a net/http wrapper. A security vulnerability exists in http-swagge, which stems from versions of http-swagger prior to 1.2.6, where an attacker may be able to perform denial-of-service attacks, including running out of memory on the host system. The memory exhaustion is attributed...

7.8CVSS7.2AI score0.02402EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/09/09 11:15 p.m.3 views

CVE-2021-39206

Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, contains two authorization related vulnerabilities CVE-2021-32777 and CVE-2021-32779. This may lead to incorrect routing or authorization policy decisions. With specially crafted requests, incorrect...

8.6CVSS7.1AI score0.01457EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2021/09/09 10:10 p.m.29 views

CVE-2021-39206 Incorrect Authorization with specially crafted requests

Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, contains two authorization related vulnerabilities CVE-2021-32777 and CVE-2021-32779. This may lead to incorrect routing or authorization policy decisions. With specially crafted requests, incorrect...

8.6CVSS8.8AI score0.01457EPSS
Exploits0References4
OSV
OSV
added 2021/03/11 12:15 a.m.1 views

UBUNTU-CVE-2021-27919

archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service panic upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename...

5.5CVSS7.1AI score0.01517EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2007/08/01 12:0 a.m.4 views

PT-2007-5319 · Php · Phpwebfilemanager

Name of the Vulnerable Software and Affected Versions: phpWebFileManager version 0.5 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the PN PathPrefix parameter in the index.php file. However, this issue is disputed by a reliable third party, who...

6.8CVSS7.9AI score0.01349EPSS
Exploits0References6
Rows per page
Query Builder