761 matches found
CVE-2021-21682
Jenkins 2.314 and earlier, LTS 2.303.1 and earlier accepts names of jobs and other entities with a trailing dot character, potentially replacing the configuration and data of other entities on Windows...
Jenkins security vulnerability
Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. A security vulnerability exists in Jenkins 2.314 and earlier, LTS 2.303.1 and earlier, which stems from the system's...
PT-2021-14725 · Jenkins · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.314 and earlier; Jenkins LTS versions 2.303.1 and earlier. Description: The issue arises from Jenkins accepting names of jobs and other entities with a trailing dot character on Windows, potentially allowing users with...
Incorrect Authorization in serverless-offline
Serverless Offline 8.0.0 returns a 403 HTTP status code for a route that has a trailing / character, which might cause a developer to implement incorrect access control, because the actual behavior within the Amazon AWS environment is a 200 HTTP status code i.e., possibly greater than expected...
CVE-2021-37598
WP Cerber before 8.9.3 allows bypass of /wp-json access control via a trailing ? character...
PT-2021-21730
Name of the Vulnerable Software and Affected Versions: WP Cerber versions prior to 8.9.3. Description: The issue allows bypass of /wp-json access control via a trailing ? character. Recommendations: For versions prior to 8.9.3, update to version 8.9.3 or later to resolve the issue. As a temporary...
Improper access control
Serverless Offline 8.0.0 returns a 403 HTTP status code for a route that has a trailing / character, which might cause a developer to implement incorrect access control, because the actual behavior within the Amazon AWS environment is a 200 HTTP status code i.e., possibly greater than expected...
PT-2021-20902 · Owasp · Owasp Modsecurity Core Rule Set
Name of the Vulnerable Software and Affected Versions: OWASP ModSecurity Core Rule Set versions 3.1.x through 3.1.1; OWASP ModSecurity Core Rule Set versions 3.2.x through 3.2.0; OWASP ModSecurity Core Rule Set versions 3.3.x through 3.3.1. Description: The issue is related to a Request Body Bypass...
GHSA-MJ9R-WWM8-7Q52 Open Redirect in github.com/AndrewBurian/powermux
Impact: Attackers may be able to craft phishing links and other open redirects by exploiting the trailing slash redirection feature. This may lead to users being redirected to untrusted sites after following an attacker-crafted link. Patches: The issue is resolved in v1.1.1. Workarounds: There are no...
Open Redirect in github.com/AndrewBurian/powermux
Impact: Attackers may be able to craft phishing links and other open redirects by exploiting the trailing slash redirection feature. This may lead to users being redirected to untrusted sites after following an attacker-crafted link. Patches: The issue is resolved in v1.1.1. Workarounds: There are no...
Directory Traversal
Overview: webrick is an HTTP server toolkit that can be configured as an HTTPS server, a proxy server, and a virtual-host server. Affected versions of this package are vulnerable to Directory Traversal. WEBrick, when using NTFS or FAT filesystems, allows remote attackers to read arbitrary CGI files...
Unspecified Vulnerability in PowerMux
PowerMux is a drop-in replacement for Go's http.ServeMux that adds the features ServeMux lacks. Versions of PowerMux prior to 1.1.1 contain a security vulnerability that allows attackers to craft phishing links and other open redirects by exploiting the trailing slash redirection feature...
CVE-2021-32721
PowerMux is a drop-in replacement for Go's http.ServeMux. In PowerMux versions prior to 1.1.1, attackers may be able to craft phishing links and other open redirects by exploiting the trailing slash redirection feature. This may lead to users being redirected to untrusted sites after following an...
PowerMux input validation error vulnerability
PowerMux is a drop-in replacement for Go's http.ServeMux that adds the features ServeMux lacks. Versions of PowerMux prior to 1.1.1 contain a security vulnerability that allows attackers to craft phishing links and other open redirects by exploiting the trailing slash redirection feature...
URL Redirection to Untrusted Site (Open Redirect)
PowerMux is a drop-in replacement for Go's http.ServeMux. In PowerMux, attackers may be able to craft phishing links and other open redirects by exploiting the trailing slash redirection feature. This may lead to users being redirected to untrusted sites after following an attacker crafted link...
GHSA-MJ8X-CPR8-X39H Remote code execution in Apache Tapestry
A critical unauthenticated remote code execution vulnerability was found in all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195. Recap: Before the fix of CVE-2019-0195 it was...
GHSA-RFHR-62XP-2FP2 Open Redirect in trailing-slash
The package trailing-slash before 2.0.1 is vulnerable to Open Redirect via the use of trailing double slashes in the URL when accessing the vulnerable endpoint, such as https://example.com//attacker.example/. The vulnerable code is in index.js::createTrailing, as the web server uses relative URLs...
Open Redirection
trailing-slash is vulnerable to open redirection. The use of trailing double slashes in the URL when accessing the vulnerable endpoint allows for open redirection...