CVE-2026-28367

A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending \r\r\r as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Google Cloud Classic Application Load Balancer,...

PT-2019-8316 · Edx +1 · Open Edx +1

Name of the Vulnerable Software and Affected Versions: Open edX versions prior to 2017-01-10 Description: The installation process exposes a MongoDB instance to external connections with default credentials. This issue may allow unauthorized access to the database. Recommendations: For versions...