
13 matches found

Snyk
added 2026/03/26 6:32 p.m., 1 view

Use of Incorrectly-Resolved Name or Reference

Overview: srvx is a Universal Server. Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference in the FastURL function due to a pathname parsing discrepancy when handling absolute URIs with non-standard schemes in raw HTTP requests. An attacker can bypass...

CVSS 9.1, AI score 5.9, EPSS 0.0005
Exploits 1, References 2

vulnersOsv
added 2026/03/26 6:32 p.m., 2 views

@aero-js/config (>=0.3.3 <=0.3.5), @aero-js/core (>=0.3.3 <=0.3.5) +57 more potentially affected by CVE-2026-33131 +1 more via srvx (>=0.10.1 <=0.11.12)

srvx NPM version =0.10.1, =0.3.3, =0.3.3, =0.3.3, =0.3.3, =0.3.3, =0.1.0, =0.1.0, =2.4.0-alpha.2, =2.4.0-alpha.2, =0.1.2, =0.0.1-alpha.0, =0.7.14, =0.2.0, =3.32.0, =3.33.0 and more Source cves: CVE-2026-33131, CVE-2026-33732 Source advisory: SNYK:JS-SRVX-15790571...

CVSS 9.1, AI score 5.8, EPSS 0.0005
Exploits 1

NVD
added 2026/03/26 6:16 p.m., 0 views

CVE-2026-33732

srvx is a universal server based on web standards. Prior to version 0.11.13, a pathname parsing discrepancy in srvx's FastURL allows middleware bypass on the Node.js adapter when a raw HTTP request uses an absolute URI with a non-standard scheme e.g. file://. Starting in version 0.11.13, the...

CVSS 6.5, EPSS 0.0005
Exploits 0, References 3

ATTACKERKB
added 2026/03/26 5:21 p.m., 3 views

CVE-2026-33732

srvx is a universal server based on web standards. Prior to version 0.11.13, a pathname parsing discrepancy in srvx's FastURL allows middleware bypass on the Node.js adapter when a raw HTTP request uses an absolute URI with a non-standard scheme e.g. file://. Starting in version 0.11.13, the...

CVSS 4.8, AI score 5.8, EPSS 0.0005
Exploits 0, References 4, Affected Software 1

Cvelist
added 2026/03/26 5:21 p.m., 21 views

CVE-2026-33732 srvx is vulnerable to middleware bypass via absolute URI in request line

srvx is a universal server based on web standards. Prior to version 0.11.13, a pathname parsing discrepancy in srvx's FastURL allows middleware bypass on the Node.js adapter when a raw HTTP request uses an absolute URI with a non-standard scheme e.g. file://. Starting in version 0.11.13, the...

CVSS 4.8, EPSS 0.0005
Exploits 0, References 3

CVE
added 2026/03/26 5:21 p.m., 6 views

CVE-2026-33732

The srvx vulnerability CVE-2026-33732 affects the Node.js adapter prior to version 0.11.13, where FastURL’s pathname parsing could mis-handle absolute URIs with non-standard schemes (e.g., file://). This allowed bypass of route-based middleware because FastURL would later deopt to the native URL ...

CVSS 6.5, AI score 5.8, EPSS 0.0005
Exploits 0, References 3, Affected Software 1

OSV
added 2026/03/26 5:21 p.m., 0 views

CVE-2026-33732 srvx is vulnerable to middleware bypass via absolute URI in request line

srvx is a universal server based on web standards. Prior to version 0.11.13, a pathname parsing discrepancy in srvx's FastURL allows middleware bypass on the Node.js adapter when a raw HTTP request uses an absolute URI with a non-standard scheme e.g. file://. Starting in version 0.11.13, the...

CVSS 4.8, AI score 5.9, EPSS 0.0005
Exploits 0, References 5

vulnersOsv
added 2026/03/26 4:52 p.m., 2 views

@aero-js/config (>=0.3.3 <=0.3.5), @aero-js/core (>=0.3.3 <=0.3.5) +57 more potentially affected by CVE-2026-33732 via srvx (>=0.10.1 <=0.11.12)

srvx NPM version =0.10.1, =0.3.3, =0.3.3, =0.3.3, =0.3.3, =0.3.3, =0.1.0, =0.1.0, =2.4.0-alpha.2, =2.4.0-alpha.2, =0.1.2, =0.0.1-alpha.0, =0.7.14, =0.2.0, =3.32.0, =3.33.0 and more Source cves: CVE-2026-33732 Source advisory: OSV:GHSA-P36Q-Q72M-GCHR...

CVSS 6.5, AI score 5.8, EPSS 0.0005
Exploits 0

Positive Technologies
added 2026/03/26 12:0 a.m., 2 views

PT-2026-28517

Name of the Vulnerable Software and Affected Versions: srvx versions prior to 0.11.13. Description: srvx is a universal server based on web standards. A discrepancy in pathname parsing within srvx's FastURL component allows bypassing middleware on the Node.js adapter. This occurs when a raw HTTP...

CVSS 4.8, AI score 5.9, EPSS 0.0005
Exploits 0, References 9

CNNVD
added 2026/03/26 12:0 a.m., 2 views

srvx security vulnerability

Srvx is a web-based general server developed by H3 Open Source. Versions of Srvx prior to 0.11.13 contained security vulnerabilities. These vulnerabilities were caused by differences in path name resolution in FastURL, which could allow middleware to bypass security measures...

CVSS 6.5, AI score 5.8, EPSS 0.0005
Exploits 0, References 3

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2014-5395

Malware in sbrugna...

CVSS 3.5, AI score 6.4, EPSS 0.00433
Exploits 1, References 4

Cvelist
added 2014/09/05 2:0 p.m., 14 views

CVE-2014-5508

Multiple integer overflows in the HelpServ module mod-helpserv.c in srvx 1.3.1 allow remote authenticated IRCops or HelpServ bot managers to cause a denial of service infinite loop via a large value in the EmptyInterval parameter or certain other interval configurations...

AI score 6.4, EPSS 0.00433
Exploits 1, References 3

CVE
added 2014/09/05 2:0 p.m., 34 views

CVE-2014-5508

CVE-2014-5508 describes multiple integer overflows in the HelpServ module (mod-helpserv.c) of srvx 1.3.1 that allow a remote authenticated IRCops or HelpServ bot managers to trigger a denial of service (infinite loop) by sending a large value in the EmptyInterval parameter or through certain inte...

CVSS 3.5, AI score 6.5, EPSS 0.00433
Exploits 1, References 3, Affected Software 1