Lucene search
K

7 matches found

EUVD
EUVD
added 2026/04/16 10:34 p.m.5 views

EUVD-2026-23227

@fastify/static vulnerable to route guard bypass via encoded path separators...

5.9CVSS5.8AI score0.00398EPSS
Exploits0References5
CVE
CVE
added 2026/04/16 1:29 p.m.28 views

CVE-2026-6410

Affected product/component: @fastify/static, versions 8.0.0–9.1.0. Root cause: dirList.path() uses path.join() to resolve directories outside the configured static root without containment checks, enabling path traversal when directory listing is enabled via the list option. Impact: remote unauth...

5.3CVSS5.9AI score0.00506EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/16 1:29 p.m.35 views

CVE-2026-6410 @fastify/static vulnerable to path traversal in directory listing

@fastify/static versions 8.0.0 through 9.1.0 allow path traversal when directory listing is enabled via the list option. The dirList.path function resolves directories outside the configured static root using path.join without a containment check. A remote unauthenticated attacker can obtain...

5.3CVSS0.00506EPSS
Exploits0References2
NVD
NVD
added 2026/04/16 1:16 p.m.5 views

CVE-2026-6414

@fastify/static versions 8.0.0 through 9.1.0 decode percent-encoded path separators %2F before filesystem resolution, while Fastify's router treats them as literal characters. This mismatch allows attackers to bypass route-based middleware or guards that protect files served by @fastify/static. F...

5.9CVSS0.00398EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/16 1:9 p.m.4 views

CVE-2026-6414 @fastify/static vulnerable to route guard bypass via encoded path separators

@fastify/static versions 8.0.0 through 9.1.0 decode percent-encoded path separators %2F before filesystem resolution, while Fastify's router treats them as literal characters. This mismatch allows attackers to bypass route-based middleware or guards that protect files served by @fastify/static. F...

5.9CVSS5.8AI score0.00398EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/16 1:9 p.m.32 views

CVE-2026-6414 @fastify/static vulnerable to route guard bypass via encoded path separators

@fastify/static versions 8.0.0 through 9.1.0 decode percent-encoded path separators %2F before filesystem resolution, while Fastify's router treats them as literal characters. This mismatch allows attackers to bypass route-based middleware or guards that protect files served by @fastify/static. F...

5.9CVSS0.00398EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/07 4:25 p.m.3 views

Security Bulletin: IBM Maximo Application Suite - Predict Component uses Requests is a HTTP library. Due to a URL parsing issue to third parties for specific urls.

Summary Security Bulletin: IBM Maximo Application Suite - Predict Component uses Requests is a HTTP library. Due to a URL parsing issue to third parties for specific urls. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-47081...

5.3CVSS6.5AI score0.00846EPSS
Exploits1Affected Software1
Rows per page
Query Builder