Lucene search
+L

13 matches found

cve
cve
added yesterday16 views

CVE-2026-59955

CVE-2026-59955 affects Apollo ConfigService before 2.5.2, where requests to /configfiles/raw/{appId}/{clusterName}/{namespace} are authenticated using a parsed appId value of raw instead of the actual path appId. This allows potential unauthorized access to raw configuration data when AccessKey/m...

7.5CVSS6.1AI score
Exploits0References3
osv
osv
added 2026/06/04 6:1 p.m.8 views

GHSA-2GCR-MFCQ-WCC3 Hono: app.mount() strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths

Summary app.mount strips the mount prefix from the incoming request path using the raw URL pathname, while route matching is performed against the percent-decoded path. This inconsistency causes the prefix to be stripped at the wrong position when the path contains percent-encoded multi-byte...

5.3CVSS5.8AI score0.0026EPSS
Exploits0References5
github
github
added 2026/06/04 6:1 p.m.17 views

Hono: app.mount() strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths

Summary app.mount strips the mount prefix from the incoming request path using the raw URL pathname, while route matching is performed against the percent-decoded path. This inconsistency causes the prefix to be stripped at the wrong position when the path contains percent-encoded multi-byte...

5.3CVSS5.8AI score0.0026EPSS
Exploits0References5Affected Software1
ptsecurity
ptsecurity
added 2026/06/04 12:0 a.m.18 views

PT-2026-46843

Summary app.mount strips the mount prefix from the incoming request path using the raw URL pathname, while route matching is performed against the percent-decoded path. This inconsistency causes the prefix to be stripped at the wrong position when the path contains percent-encoded multi-byte...

5.3CVSS5.8AI score0.0026EPSS
Exploits0References6
cve
cve
added 2026/05/28 3:26 p.m.41 views

CVE-2026-47676

Summary: In Hono, prior to 4.12.21, app.mount() strips the mount prefix from the raw URL pathname while route matching uses the percent-decoded path. This mismatch can cause the prefix to be stripped at the wrong position for percent-encoded multi-byte characters, causing the mounted sub-applicat...

5.3CVSS5.8AI score0.0026EPSS
Exploits0References1Affected Software1
redhatcve
redhatcve
added 2026/05/11 8:25 p.m.16 views

CVE-2026-42274

Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall performs rule matching on the raw non-normalized request path, while downstream components may normalize dot-segments according to RFC 3986, Section 6.2.2.3. This discrepancy ca...

7.8CVSS5.7AI score0.00368EPSS
Exploits0References1
cvelist
cvelist
added 2026/05/08 3:43 a.m.45 views

CVE-2026-42274 Heimdall: Authorization bypass via path normalization mismatch

Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall performs rule matching on the raw non-normalized request path, while downstream components may normalize dot-segments according to RFC 3986, Section 6.2.2.3. This discrepancy ca...

7.8CVSS0.00368EPSS
Exploits0References4
attackerkb
attackerkb
added 2026/05/08 3:43 a.m.7 views

CVE-2026-42274

Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall performs rule matching on the raw non-normalized request path, while downstream components may normalize dot-segments according to RFC 3986, Section 6.2.2.3. This discrepancy ca...

7.8CVSS5.7AI score0.00368EPSS
Exploits0References5Affected Software1
cve
cve
added 2026/05/08 3:43 a.m.21 views

CVE-2026-42274

CVE-2026-42274 affects Heimdall (cloud-native Identity Aware Proxy and Access Control Decision service). Before v0.17.14, it matches rules on raw, non-normalized request paths while downstream components normalize dot-segments per RFC 3986, potentially authorizing requests whose normalized path d...

7.8CVSS5.7AI score0.00368EPSS
Exploits0References4
osv
osv
added 2026/05/05 6:52 p.m.6 views

GHSA-RFGQ-WGG8-662P S3-Proxy has Security Issues in its Resource Path Matching Implementation

Background The original concern is functional: a resource pattern should treat a percent-encoded segment like some%2Fvalue as a single opaque token rather than splitting it into two path segments at the decoded /. Investigation into why %2F was being decoded and how routes matched against the...

9.4CVSS5.5AI score0.00554EPSS
Exploits0References5
cvelist
cvelist
added 2026/04/30 8:38 p.m.35 views

CVE-2026-40912 Traefik: StripPrefixRegex auth bypass via Path/RawPath desync

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's StripPrefixRegex middleware when used in combination with ForwardAuth, BasicAuth, or DigestAuth. The middleware matches...

7.8CVSS0.00767EPSS
Exploits1References4
osv
osv
added 2026/04/18 1:42 a.m.2 views

CVE-2026-40494 SAIL has heap buffer overflow in TGA RLE decoder — raw packet path missing bounds check

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 45d48d1f2e8e0d73e80bc1fd5310cb57f4547302, the TGA codec's RLE decoder in tga.c has an asymmetric bounds check vulnerability. The run-packet path line 297 correctl...

9.8CVSS6AI score0.00314EPSS
Exploits0References4
github
github
added 2026/04/02 6:44 p.m.7 views

Rack:: Static header_rules bypass via URL-encoded paths

Summary Rack::Staticapplicablerules evaluates several headerrules types against the raw URL-encoded PATHINFO, while the underlying file-serving path is decoded before the file is served. As a result, a request for a URL-encoded variant of a static path can serve the same file without the headers...

5.3CVSS5.9AI score0.00195EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder