Lucene search
K

84 matches found

OSV
OSV
added 2026/04/07 3:30 p.m.4 views

GHSA-MVFQ-GGXM-9MC5 Django vulnerable to ASGI header spoofing via underscore/hyphen conflation

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGIRequest allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants with hyphens or with underscores to a single version with underscores. Earlier, unsupported Django...

7.5CVSS5.8AI score0.00436EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/04/07 3:30 p.m.8 views

Django vulnerable to ASGI header spoofing via underscore/hyphen conflation

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGIRequest allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants with hyphens or with underscores to a single version with underscores. Earlier, unsupported Django...

7.5CVSS5.9AI score0.00436EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/07 2:22 p.m.2 views

CVE-2026-3902 ASGI header spoofing via underscore/hyphen conflation

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGIRequest allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants with hyphens or with underscores to a single version with underscores. Earlier, unsupported Django...

5.9AI score0.00436EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/04/07 2:0 p.m.9 views

CVE-2026-3902

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGIRequest allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants with hyphens or with underscores to a single version with underscores. Earlier, unsupported Django...

7.5CVSS5.9AI score0.00436EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/10 12:0 a.m.7 views

PT-2025-46204

Name of the Vulnerable Software and Affected Versions OAuth2-Proxy versions prior to 7.13.0 Description OAuth2-Proxy is susceptible to a header smuggling issue. In deployments positioned before applications that normalize underscores to dashes in HTTP headers like WSGI-based frameworks such as...

8.5CVSS6.6AI score0.00633EPSS
Exploits0References24
Snyk
Snyk
added 2020/04/17 12:0 a.m.2 views

Malicious Package

Overview aastra-xmlapi is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using aastra-xmlapi...

8CVSS6.9AI score
Exploits0References2
Snyk
Snyk
added 2020/04/17 12:0 a.m.2 views

Malicious Package

Overview active-modelserializerplus is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using...

8CVSS6.7AI score
Exploits0References2
Snyk
Snyk
added 2020/04/17 12:0 a.m.1 views

Malicious Package

Overview aliyunslb is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using aliyunslb...

8CVSS6.9AI score
Exploits0References2
Snyk
Snyk
added 2020/04/17 12:0 a.m.1 views

Malicious Package

Overview a1535yt-gem is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using a1535yt-gem...

8CVSS6.9AI score
Exploits0References2
Snyk
Snyk
added 2020/04/17 12:0 a.m.2 views

Malicious Package

Overview batsddash is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using batsddash...

8CVSS6.9AI score
Exploits0References2
Snyk
Snyk
added 2020/04/17 12:0 a.m.1 views

Malicious Package

Overview telegrambot-ruby is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using...

8CVSS6.9AI score
Exploits0References2
Snyk
Snyk
added 2020/04/17 12:0 a.m.2 views

Malicious Package

Overview nhtsa-vin is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using nhtsa-vin...

8CVSS6.9AI score
Exploits0References2
Snyk
Snyk
added 2020/04/17 12:0 a.m.1 views

Malicious Package

Overview action-pubsub is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using action-pubsub...

8CVSS6.9AI score
Exploits0References2
Snyk
Snyk
added 2020/04/17 12:0 a.m.1 views

Malicious Package

Overview ability-engine is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using ability-engi...

8CVSS6.9AI score
Exploits0References2
Snyk
Snyk
added 2020/04/17 12:0 a.m.4 views

Malicious Package

Overview act-asnameable is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using act-asnameab...

8CVSS6.9AI score
Exploits0References2
Snyk
Snyk
added 2020/04/17 12:0 a.m.2 views

Malicious Package

Overview dradisbrakeman is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using dradisbrakem...

8CVSS6.9AI score
Exploits0References2
Snyk
Snyk
added 2020/04/17 12:0 a.m.1 views

Malicious Package

Overview amazonkinesis-client-ruby is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using...

8CVSS5.5AI score
Exploits0References2
Snyk
Snyk
added 2020/04/17 12:0 a.m.2 views

Malicious Package

Overview amplitudeapi is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using amplitudeapi...

8CVSS5.5AI score
Exploits0References2
Snyk
Snyk
added 2020/04/17 12:0 a.m.3 views

Malicious Package

Overview 3scale-timerange is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using...

8CVSS6.9AI score
Exploits0References2
Snyk
Snyk
added 2020/04/17 12:0 a.m.1 views

Malicious Package

Overview activerecordpublishable is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using...

8CVSS6.9AI score
Exploits0References2
Rows per page
Query Builder