Lucene search
K

5 matches found

OSV
OSV
added 2026/06/25 1:34 p.m.2 views

SUSE-SU-2026:2633-1 Security update for nodejs24

This update for nodejs24 fixes the following issues Update to 24.17.0: - CVE-2026-2581: undici: Undici: Denial of Service due to uncontrolled resource consumption bsc1268480. - CVE-2026-6733: undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response...

9.8CVSS6AI score0.0251EPSS
Exploits3References43
Snyk
Snyk
added 2026/06/17 6:22 p.m.8 views

Permissive List of Allowed Inputs

Overview undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Permissive List of Allowed Inputs via permissive substring matching in the Set-Cookie attribute parsing. An attacker can weaken cookie SameSite enforcement by crafting a...

8.3CVSS5.9AI score0.00248EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/17 6:21 p.m.7 views

CRLF Injection

Overview undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to CRLF Injection in the parseSetCookie. An attacker can inject arbitrary HTTP headers by supplying specially crafted percent-encoded values in the Set-Cookie header, which...

9.2CVSS6AI score0.00257EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/17 4:56 p.m.22 views

CVE-2026-9679 undici vulnerable to HTTP header injection via Set-Cookie percent-decoding

Impact: undici's cookie parser in parseSetCookie percent-decodes cookie values via qsUnescape, turning encoded sequences like %0D%0A, %00, %3B, and %3D into their literal byte equivalents. RFC 6265 §5.4 does not specify any decoding and browsers do not decode either. Applications that parse a...

5.9CVSS0.00257EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2018/05/07 12:0 a.m.72 views

GNU Wget 1.19.4 Cookie Injection

GNU Wget Cookie Injection CVE-2018-0494 ========================================= The latest version of this advisory is available at: https://sintonen.fi/advisories/gnu-wget-cookie-injection.txt Overview -------- GNU Wget is susceptible to a malicious web server injecting arbitrary cookies to th...

7AI score0.17249EPSS
Exploits5
Rows per page
Query Builder