
5 matches found

Snyk
added 2026/05/28 6:24 p.m. · 12 views

HTTP Request Smuggling

Overview: hono is an Ultrafast web framework for the Edges. Affected versions of this package are vulnerable to HTTP Request Smuggling via the app.mount function. An attacker can access unintended routes or resources by sending requests with percent-encoded multi-byte characters in the URL path,...

CVSS 6.9 · AI score 5.8 · EPSS 0.0026
Exploits 0 · References 2
Positive Technologies
added 2026/05/28 12:0 a.m. · 10 views

PT-2026-44416

Name of the Vulnerable Software and Affected Versions: Hono versions prior to 4.12.21. Description: In the app.mount function, the mount prefix is stripped from the incoming request path using the raw URL pathname, whereas route matching is conducted against the percent-decoded path. This...

CVSS 5.3 · AI score 5.8 · EPSS 0.0026
Exploits 0 · References 7
Positive Technologies
added 2024/01/30 12:0 a.m. · 3 views

PT-2024-1513 · Unknown +2 · Libmodsecurity +3

Name of the Vulnerable Software and Affected Versions: ModSecurity / libModSecurity versions 3.0.0 through 3.0.11. Description: The issue is related to a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in...

CVSS 8.6 · AI score 8.2 · EPSS 0.00682
Exploits 0 · References 37
UbuntuCve
added 2020/07/27 12:15 p.m. · 20 views

CVE-2020-7694

This affects all versions of package uvicorn. The request logger provided by the package is vulnerable to ANSI escape sequence injection. Whenever any HTTP request is received, the default behaviour of uvicorn is to log its details to either the console or a log file. When attackers request craft...

CVSS 7.5 · AI score 7 · EPSS 0.01345
Exploits 1 · References 3
Tenable Nessus
added 2014/04/23 12:0 a.m. · 45 views

Amazon Linux AMI : perl-YAML-LibYAML (ALAS-2014-324)

The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow...

CVSS 6.8 · AI score 7.4 · EPSS 0.09312
Exploits 2 · References 3