55 matches found
Advisory ROSA-SA-2026-3307
Software: python-future 0.18.2 Operating System: ROSA-CHROME Unaffected versions: = python-future-0.18.2-4 Affected versions: python-future-0.18.2-4 CVE-ID: CVE-2022-40899 BDU-ID: 2023-02446 CVE-Crit: HIGH CVE-DESCRIPTION: The compatibility vulnerability in Python Charmers Future is related to...
HTTP Response Splitting
Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to HTTP Response Splitting via the serialize function. An attacker can inject arbitrary attributes into the Set-Cookie response header by supplying crafted input to the sameSite or priority...
Hono 安全漏洞
Hono is a web framework built in TypeScript for the Hono community. Versions of Hono prior to 4.12.21 contained security vulnerabilities. These vulnerabilities stemmed from the serialize function not verifying the sameSite and priority options. This could allow the application to pass...
CVE-2026-47069 CRLF injection in cookie domain/path options in hackney
Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in benoitc hackney allows HTTP Response Splitting. The hackneycookie:setcookie/3 function in src/hackneycookie.erl validates the Name and Value arguments against CRLF and control characters, but concatenates the domain and...
JLSEC-2026-392
A malicious server can serve excessive amounts of Set-Cookie: headers in a HTTP response to curl and curl 7.84.0 stores all of them. A sufficiently large amount of big cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger th...
Hono 安全漏洞
Hono is a web framework written in TypeScript for the Hono community. Versions of Hono prior to 4.12.4 contained security vulnerabilities. These vulnerabilities stemmed from the setCookie tool, which did not validate the semicolons, line breaks, or newlines in the domain and path parameters when...
Insufficient Session Expiration
Overview @hotwired/turbo is a The speed of a single-page web application without having to write any JavaScript Affected versions of this package are vulnerable to Insufficient Session Expiration due to a race condition. An attacker can cause stale session cookies to be restored by delaying HTTP...
EUVD-2024-17298
Malicious code in bioql PyPI...
Rocky Linux 8 : firefox (RLSA-2024:0955)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:0955 advisory. - When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read...
Debian dla-3747 : firefox-esr - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3747 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3747-1 [email protected]...
Oracle Linux 9 : thunderbird (ELSA-2024-0963)
The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-0963 advisory. 115.8.0-1.0.1 - Add Oracle modifications 115.8.0-1 - Update to 115.8.0 build1 Tenable has extracted the preceding description block directly from the...
Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts
The Mozilla Foundation Security Advisory describes this flaw as: Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie respon...
Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts
The Mozilla Foundation Security Advisory describes this flaw as: Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie respon...
Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts
The Mozilla Foundation Security Advisory describes this flaw as: Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie respon...
Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts
The Mozilla Foundation Security Advisory describes this flaw as: Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie respon...
Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts
The Mozilla Foundation Security Advisory describes this flaw as: Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie respon...
Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts
The Mozilla Foundation Security Advisory describes this flaw as: Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie respon...
Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts
The Mozilla Foundation Security Advisory describes this flaw as: Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie respon...
Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts
The Mozilla Foundation Security Advisory describes this flaw as: Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie respon...
Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts
The Mozilla Foundation Security Advisory describes this flaw as: Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie respon...