53 matches found
DEBIAN-CVE-2026-33637
Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Versions 2.0.0 through 2.14.1 still allow protocol-relative host override when the request target is passed as a URI object rather than a String to Faraday::Connectionbuildexclusiveurl. This...
UBUNTU-CVE-2026-33637
Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Versions 2.0.0 through 2.14.1 still allow protocol-relative host override when the request target is passed as a URI object rather than a String to Faraday::Connectionbuildexclusiveurl. This...
CVE-2026-33637
Faraday (HTTP client library) vulnerability CVE-2026-33637 affects versions 2.0.0–2.14.1, where protocol-relative host override is still possible when the request target is passed as a URI object to Faraday::Connection#build_exclusive_url. This can enable off-host request forgery by redirecting a...
CVE-2026-33637 Faraday: Protocol-relative URI objects still bypass host scoping (possible incomplete fix for GHSA-33mh-2634-fwr2)
Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Versions 2.0.0 through 2.14.1 still allow protocol-relative host override when the request target is passed as a URI object rather than a String to Faraday::Connectionbuildexclusiveurl. This...
EUVD-2026-30966
Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Versions 2.0.0 through 2.14.1 still allow protocol-relative host override when the request target is passed as a URI object rather than a String to Faraday::Connectionbuildexclusiveurl. This...
Faraday has a possible incomplete fix for GHSA-33mh-2634-fwr2: protocol-relative URI objects still bypass host scoping
Summary Faraday::Connectionbuildexclusiveurl still allows protocol-relative host override when the request target is provided as a URI object instead of a String. This bypasses the February 2026 fix for GHSA-33mh-2634-fwr2 and can redirect a request built from a fixed-base Faraday::Connection to ...
Faraday has a possible incomplete fix for GHSA-33mh-2634-fwr2 - protocol-relative URI objects still bypass host scoping
Summary Faraday::Connectionbuildexclusiveurl still allows protocol-relative host override when the request target is provided as a URI object instead of a String. This bypasses the February 2026 fix for GHSA-33mh-2634-fwr2 and can redirect a request built from a fixed-base Faraday::Connection to ...
CVE-2026-44372
CVE-2026-44372 affects Nitro, a server toolkit, with an Open Redirect via a protocol-relative URL bypass in wildcard route rules. Before the patch, a redirect rule using a wildcard could be manipulated to redirect cross-host by sliding an extra slash after the rule prefix. The issue is fixed in N...
CVE-2026-44372 Nitro: Open Redirect via Protocol-Relative URL Bypass in Wildcard Route Rules
Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could turn a redirect route rule using wildcards rewrite into a cross-host redirect by sliding an extra slash in after the rule prefix. This vulnerability is fixed in 3.0.260429-beta...
CVE-2026-44372 Nitro: Open Redirect via Protocol-Relative URL Bypass in Wildcard Route Rules
Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could turn a redirect route rule using wildcards rewrite into a cross-host redirect by sliding an extra slash in after the rule prefix. This vulnerability is fixed in 3.0.260429-beta...
Open Redirect in user_oidc login flow via protocol-relative URL bypass
None...
CVE-2026-41423 Angular: SSRF via protocol-relative and backslash URLs in Angular Platform-Server
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.21, 20.3.19, 21.2.9, and 22.0.0-next.8, a Server-Side Request Forgery SSRF vulnerability exists in @angular/platform-server due to improper...
Nitro has an Open Redirect via Protocol-Relative URL Bypass in Wildcard Route Rules
A redirect route rule like: ts routeRules: "/legacy/": redirect: "/" is intended to rewrite paths within the same host. Before the patch, an attacker could turn the rewrite into a cross-host redirect by sliding an extra slash in after the rule prefix. Example exploit: GET /legacy//evil.com Nitro...
GHSA-9PHM-9P8F-HW5M Nitro has an Open Redirect via Protocol-Relative URL Bypass in Wildcard Route Rules
A redirect route rule like: ts routeRules: "/legacy/": redirect: "/" is intended to rewrite paths within the same host. Before the patch, an attacker could turn the rewrite into a cross-host redirect by sliding an extra slash in after the rule prefix. Example exploit: GET /legacy//evil.com Nitro...
NPM: Nitro has an Open Redirect via Protocol-Relative URL Bypass in Wildcard Route Rules
NPM: Nitro has an Open Redirect via Protocol-Relative URL Bypass in Wildcard Route Rules vulnerability discovered by ? in WordPress Npm nitro versions 3.0.260429-beta...
NPM: Nitro has an Open Redirect via Protocol-Relative URL Bypass in Wildcard Route Rules
NPM: Nitro has an Open Redirect via Protocol-Relative URL Bypass in Wildcard Route Rules vulnerability discovered by ? in WordPress Npm nitropack versions 2.13.4...
CVE-2026-33397 Angular SSR Vulnerable to Protocol-Relative URL Injection via Single Backslash Bypass
The Angular SSR is a server-rise rendering tool for Angular applications. Versions on the 22.x branch prior to 22.0.0-next.2, the 21.x branch prior to 21.2.3, and the 20.x branch prior to 20.3.21 have an Open Redirect vulnerability in @angular/ssr due to an incomplete fix for CVE-2026-27738. Whil...
Open Redirect
Overview h3 is a Minimal HTTP framework built for high performance and portability. Affected versions of this package are vulnerable to Open Redirect via the redirectBack function. An attacker can cause users to be redirected to an external, attacker-controlled domain by crafting a URL with a...
Open Redirect
miniflux.app/v2 is vulnerable to Open Redirect. The vulnerability is due to improper validation of the redirecturl parameter where protocol-relative URLs bypass the url.Parse....IsAbs check, which allows an attacker to redirect users to attacker-controlled websites after login...
Angular SSR has an Open Redirect via X-Forwarded-Prefix
An Open Redirect vulnerability exists in the internal URL processing logic in Angular SSR. The logic normalizes URL segments by stripping leading slashes; however, it only removes a single leading slash. When an Angular SSR application is deployed behind a proxy that passes the X-Forwarded-Prefix...