Lucene search
K

4 matches found

Snyk
Snyk
added 2026/03/17 8:52 p.m.6 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the URL validation logic due to improper handling of underscores in hostnames. An attacker can access internal resources or sensitive endpoints by submitting specially crafted URLs containing...

9.1CVSS5.9AI score0.00246EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/17 8:52 p.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the URL validation logic due to improper handling of underscores in hostnames. An attacker can access internal resources or sensitive endpoints by submitting specially crafted URLs containing...

9.1CVSS5.9AI score0.00246EPSS
Exploits0References2
OSV
OSV
added 2026/03/17 5:27 p.m.6 views

CVE-2026-25534 Spinnaker clouddriver and orca URL validation bypass via underscores in hostnames

Impact Spinnaker updated URL Validation logic on user input to provide sanitation on user inputted URLs for clouddriver. However, they missed that Java URL objects do not correctly handle underscores on parsing. This led to a bypass of the previous CVE CVE-2025-61916 through the use of carefully...

9.1CVSS5.8AI score0.00246EPSS
Exploits0References5
OSV
OSV
added 2026/03/16 3:15 p.m.4 views

GHSA-8R8J-GFHG-FW38 Spinnaker clouddriver and orca URL validation bypass via underscores in hostnames

Impact Spinnaker updated URL Validation logic on user input to provide sanitation on user inputted URLs for clouddriver. However, they missed that Java URL objects do not correctly handle underscores on parsing. This led to a bypass of the previous CVE CVE-2025-61916 through the use of carefully...

9.1CVSS5.7AI score0.00246EPSS
Exploits0References5
Rows per page
Query Builder