6 matches found
CVE-2026-45568
zrok is software for sharing web services, files, and network resources. Prior to 2.0.3, zrok's Python SDK ProxyShare Flask proxy route accepts an absolute URL in the request path and passes it to urllib.parse.urljoin, allowing the requested path to replace the configured target host and causing...
PYSEC-2026-577 rok Python ProxyShare can be used as an SSRF proxy through absolute URL paths
Summary Alice exposes a Python SDK ProxyShare with a fixed target URL. Bob sends a request to the share with an absolute URL in the path. The Flask handler passes that path to urllib.parse.urljoin, which replaces Alice's configured target host with Bob's host and returns the server-side response ...
Directory Traversal
Overview zrok is a zrok Affected versions of this package are vulnerable to Directory Traversal due to Alice exposing a Python SDK ProxyShare with a fixed target URL. Bob sends a request to the share with an absolute URL in the path. The Flask handler passes that path to urllib.parse.urljoin, whi...
rok Python ProxyShare can be used as an SSRF proxy through absolute URL paths
Summary Alice exposes a Python SDK ProxyShare with a fixed target URL. Bob sends a request to the share with an absolute URL in the path. The Flask handler passes that path to urllib.parse.urljoin, which replaces Alice's configured target host with Bob's host and returns the server-side response ...
CVE-2026-40303
CVE-2026-40303 (zrok) affects zrok prior to 2.0.1. The flaw is in endpoints.GetSessionCookie, which parses an attacker-supplied cookie chunk count and calls make([]string, count) without an upper bound before token validation. This enables unauthenticated remote attackers to trigger gigabyte-scal...
CVE-2026-40303 zrok allows unauthenticated DoS via unbounded memory allocation in striped session cookie parsing
zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, endpoints.GetSessionCookie parses an attacker-supplied cookie chunk count and calls makestring, count with no upper bound before any token validation occurs. The function is reached on every request t...