5 matches found
Use of Incorrectly-Resolved Name or Reference
Overview srvx is an Universal Server. Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference in the FastURL function due to a pathname parsing discrepancy when handling absolute URIs with non-standard schemes in raw HTTP requests. An attacker can bypass...
CVE-2026-33732
srvx is a universal server based on web standards. Prior to version 0.11.13, a pathname parsing discrepancy in srvx's FastURL allows middleware bypass on the Node.js adapter when a raw HTTP request uses an absolute URI with a non-standard scheme e.g. file://. Starting in version 0.11.13, the...
CVE-2026-33732
srvx is a universal server based on web standards. Prior to version 0.11.13, a pathname parsing discrepancy in srvx's FastURL allows middleware bypass on the Node.js adapter when a raw HTTP request uses an absolute URI with a non-standard scheme e.g. file://. Starting in version 0.11.13, the...
CVE-2026-33732
The srvx vulnerability CVE-2026-33732 affects the Node.js adapter prior to version 0.11.13, where FastURL’s pathname parsing could mis-handle absolute URIs with non-standard schemes (e.g., file://). This allowed bypass of route-based middleware because FastURL would later deopt to the native URL ...
PT-2026-28517
Name of the Vulnerable Software and Affected Versions srvx versions prior to 0.11.13 Description srvx is a universal server based on web standards. A discrepancy in pathname parsing within srvx's FastURL component allows bypassing middleware on the Node.js adapter. This occurs when a raw HTTP...