Lucene search
K

14 matches found

EUVD
EUVD
โ€ขadded 2025/10/03 8:7 p.m.โ€ข4 views

EUVD-2025-15117

Malicious code in bioql PyPI...

9.8CVSS6.8AI score0.00821EPSS
Exploits0References1
OSV
OSV
โ€ขadded 2025/04/14 11:39 a.m.โ€ข7 views

BIT-PHP-MIN-2025-1861 Stream HTTP wrapper truncates redirect location to 1024 bytes

In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when parsing HTTP redirect in the response to an HTTP request, there is currently limit on the location value size caused by limited size of the location buffer to 1024. However as per RFC911...

9.8CVSS6.5AI score0.00821EPSS
Exploits0References4
OSV
OSV
โ€ขadded 2025/04/14 11:39 a.m.โ€ข10 views

BIT-PHP-2025-1861 Stream HTTP wrapper truncates redirect location to 1024 bytes

In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when parsing HTTP redirect in the response to an HTTP request, there is currently limit on the location value size caused by limited size of the location buffer to 1024. However as per RFC911...

9.8CVSS6.5AI score0.00821EPSS
Exploits0References4
NVD
NVD
โ€ขadded 2025/03/30 6:15 a.m.โ€ข10 views

CVE-2025-1861

In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when parsing HTTP redirect in the response to an HTTP request, there is currently limit on the location value size caused by limited size of the location buffer to 1024. However as per RFC911...

9.8CVSS0.00821EPSS
Exploits0References3
OSV
OSV
โ€ขadded 2025/03/30 5:57 a.m.โ€ข8 views

CVE-2025-1861 Stream HTTP wrapper truncates redirect location to 1024 bytes

In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when parsing HTTP redirect in the response to an HTTP request, there is currently limit on the location value size caused by limited size of the location buffer to 1024. However as per RFC911...

6.3CVSS6.8AI score0.00821EPSS
Exploits0References5
Cvelist
Cvelist
โ€ขadded 2025/03/30 5:57 a.m.โ€ข29 views

CVE-2025-1861 Stream HTTP wrapper truncates redirect location to 1024 bytes

In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when parsing HTTP redirect in the response to an HTTP request, there is currently limit on the location value size caused by limited size of the location buffer to 1024. However as per RFC911...

6.3CVSS0.00821EPSS
Exploits0References1
Github Security Blog
Github Security Blog
โ€ขadded 2024/01/29 10:30 p.m.โ€ข67 views

aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators

Summary Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against injection of additional requests. Additionally, validation could trigger...

6.5CVSS7.2AI score0.01029EPSS
Exploits1References12Affected Software1
Github Security Blog
Github Security Blog
โ€ขadded 2022/06/21 8:7 p.m.โ€ข61 views

Change in port should be considered a change in origin

Impact Authorization and Cookie headers on requests are sensitive information. On making a request which responds with a redirect to a URI with a different port, if we choose to follow it, we should remove the Authorization and Cookie headers from the request, before containing. Previously, we...

7.7CVSS7.3AI score0.01413EPSS
Exploits0References7Affected Software1
OSV
OSV
โ€ขadded 2022/06/21 8:7 p.m.โ€ข84 views

GHSA-Q559-8M2M-G699 Change in port should be considered a change in origin

Impact Authorization and Cookie headers on requests are sensitive information. On making a request which responds with a redirect to a URI with a different port, if we choose to follow it, we should remove the Authorization and Cookie headers from the request, before containing. Previously, we...

7.7CVSS7.4AI score0.01413EPSS
Exploits0References7
Github Security Blog
Github Security Blog
โ€ขadded 2022/06/09 11:47 p.m.โ€ข38 views

Failure to strip the Cookie header on change in host or HTTP downgrade

Impact Cookie headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, or on making a request to a server which responds with a redirect to a a URI to a different host, we should not forward...

7.5CVSS7.4AI score0.0182EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
โ€ขadded 2022/06/09 11:47 p.m.โ€ข47 views

Fix failure to strip Authorization header on HTTP downgrade

Impact Authorization headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, we should not forward the Authorization header on. This is much the same as to how we don't forward on the heade...

7.5CVSS7.3AI score0.0182EPSS
Exploits0References8Affected Software1
OSV
OSV
โ€ขadded 2022/05/25 6:9 p.m.โ€ข56 views

GHSA-CWMX-HCRQ-MHC3 Cross-domain cookie leakage in Guzzle

Impact Previous version of Guzzle contain a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a malicious server to set cookies for unrelated domains...

8CVSS7.7AI score0.01239EPSS
Exploits0References8
Github Security Blog
Github Security Blog
โ€ขadded 2022/05/25 6:9 p.m.โ€ข51 views

Cross-domain cookie leakage in Guzzle

Impact Previous version of Guzzle contain a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a malicious server to set cookies for unrelated domains...

8.1CVSS7.8AI score0.01239EPSS
Exploits0References8Affected Software1
Friends Of PHP
Friends Of PHP
โ€ขadded 2022/05/25 1:19 p.m.โ€ข32 views

Cross-domain cookie leakage

Impact Previous version of Guzzle contain a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a malicious server to set cookies for unrelated domains...

8.1CVSS7.7AI score0.01239EPSS
Exploits0Affected Software1
Rows per page
Query Builder