PT-2024-18991 · Flarum · Flarum

Name of the Vulnerable Software and Affected Versions: Flarum versions prior to 1.8.5 Description: The Flarum /logout route includes a redirect parameter that allows any third party to redirect users from a trusted domain of the Flarum installation to any link. For logged-in users, the logout mus...

ruby's cgi.rb vulnerable infinite loop DoS

The readmultipart function in cgi.rb in Ruby before 1.8.5-p2 does not properly detect boundaries in MIME multipart content, which allows remote attackers to cause a denial of service infinite loop via crafted HTTP requests, a different issue than CVE-2006-5467...