10 matches found

Snyk
added 2026/04/22 12:8 a.m., views: 1

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation via the X-Forwarded-Uri header when the --reverse-proxy setting is enabled and either --skip-auth-regex or --skip-auth-route is configured. An attacker can gain unauthorized access to protected routes by spoofing the...

CVSS 9.1, AI score 5.4, EPSS 0.00068
Exploits 0, References 2
Snyk
added 2025/11/10 9:42 p.m., views: 3

HTTP Header Injection

Overview Affected versions of this package are vulnerable to HTTP Header Injection via the processing of HTTP headers containing underscores, which are normalized to dashes by certain upstream applications. Authenticated users can escalate privileges by injecting specially crafted XForwarded-...

CVSS 8.5, AI score 7.2, EPSS 0.00048
Exploits 0, References 2
EUVD
added 2025/10/07 12:30 a.m., views: 2

EUVD-2010-4476

Malware in sbrugna...

CVSS 10, AI score 6.1, EPSS 0.00484
Exploits 0, References 6
RedhatCVE
added 2025/05/22 9:34 p.m., views: 6

CVE-2021-43840

messagebus is a messaging bus for Ruby processes and web clients. In versions prior to 3.3.7, users who deployed message bus with diagnostics features enabled (default off) are vulnerable to a path traversal bug, which could lead to disclosure of secret information on a machine if an unintended user...

CVSS 6.5, AI score 6.6, EPSS 0.00232
Exploits 0
Atlassian
added 2023/12/14 7:45 a.m., views: 35

Request Smuggling org.apache.tomcat:tomcat-catalina Dependency in Bamboo Data Center and Server

This High severity org.apache.tomcat:tomcat-catalina Dependency vulnerability was introduced in versions 9.2.1, 9.3.0, and 9.4.0 of Bamboo Data Center and Server. This org.apache.tomcat:tomcat-catalina Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

CVSS 7.5, AI score 6.7, EPSS 0.53163
Exploits 0
SUSE CVE
added 2023/02/15 4:19 a.m., views: 1

SUSE CVE-2018-1002105

In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary reques...

CVSS 9.8, AI score 9.2, EPSS 0.90104
Exploits 10, References 6
Vulnrichment
added 2022/12/22 6:50 p.m., views: 9

CVE-2022-23556 CodeIgniter is vulnerable to IP address spoofing when using proxy

CodeIgniter is a PHP full-stack web framework. This vulnerability may allow attackers to spoof their IP address when the server is behind a reverse proxy. This issue has been patched, please upgrade to version 4.2.11 or later, and configure Config\App::$proxyIPs. As a workaround, do not use...

CVSS 7, AI score 7.2, EPSS 0.0014
Exploits 1, References 2
OSV
added 2022/04/04 6:15 p.m., views: 1

UBUNTU-CVE-2022-24801

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the twisted.web.http module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing...

CVSS 8.1, AI score 7.1, EPSS 0.01107
Exploits 0, References 6
NVD
added 2010/12/09 8:0 p.m., views: 13

CVE-2010-4508

The WebSockets implementation in Mozilla Firefox 4 through 4.0 Beta 7 does not properly perform proxy upgrade negotiation, which has unspecified impact and remote attack vectors, related to an "inherent problem" with the WebSocket specification...

CVSS 10, AI score 6.3, EPSS 0.00484
Exploits 0, References 4
CVE
added 2010/12/09 7:0 p.m., views: 58

CVE-2010-4508

CVE-2010-4508 affects Mozilla Firefox 4 through 4.0 Beta 7, in the WebSockets implementation. The vulnerability arises from improper handling of proxy upgrade negotiation, tied to a described “inherent problem” with the WebSocket spec. The impact is described as unspecified in the provided sourc...

CVSS 10, AI score 9.2, EPSS 0.00484
Exploits 0, References 4, Affected Software 1