PT-2026-7153
Name of the Vulnerable Software and Affected Versions: Faraday versions prior to 2.14.1 Description: Faraday is an HTTP client library abstraction layer. A flaw exists in the build_exclusive_url method located in lib/faraday/connection.rb due to the use of Ruby’s URI#merge function. This allows an...
CVE-2023-41708
References to the "app loader" functionality could contain redirects to unexpected locations. Attackers could forge app references that bypass existing safeguards to inject malicious script code. Please deploy the provided updates and patch releases. References to apps are now controlled more...
PT-2024-12966 · Softwarex · Softwarex
Name of the Vulnerable Software and Affected Versions: SoftwareX affected versions not specified Description: The issue concerns the "app loader" functionality, which could contain redirects to unexpected locations. Attackers could forge app references that bypass existing safeguards to inject...
Mozilla: Incorrect parsing of relative URLs starting with "///"
The Mozilla Foundation Security Advisory describes this flaw as: Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. This could contribute to security problems in web sites...