Lucene search
+L

4 matches found

NVD
NVD
added yesterday8 views

CVE-2026-15631

Impact: @fastify/http-proxy versions from 9.4.0 up to and including 11.5.0 fail to validate the resolved WebSocket destination path against the configured rewrite prefix. The WebSocket routing path in WebSocketProxy.findUpstream resolves the destination via the WHATWG URL constructor, which...

8.7CVSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday5 views

CVE-2026-16117

Impact: @fastify/http-proxy versions up to and including 11.5.0 fail to rewrite the request prefix when the prefix segment is URL-encoded. Fastify's router URL-decodes paths for route matching, but request.url retains the original encoded form, and the prefix-rewrite step uses a literal string...

10CVSS5.3AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-15631

Impact: @fastify/http-proxy versions from 9.4.0 up to and including 11.5.0 fail to validate the resolved WebSocket destination path against the configured rewrite prefix. The WebSocket routing path in WebSocketProxy.findUpstream resolves the destination via the WHATWG URL constructor, which...

8.7CVSS5.4AI score
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2024/07/01 12:0 a.m.4 views

Envoy Security Vulnerabilities

Envoy is an open source distributed proxy server. A security vulnerability exists in Envoy versions prior to 1.30.4, 1.29.7, 1.28.5, and 1.27.7, which stems from a reference to memory that has been freed when using the cookie attribute when configuring a routing hash policy, resulting in the...

9.1CVSS6.9AI score0.00647EPSS
Exploits0References7
Rows per page
Query Builder