PT-2025-53783
Name of the Vulnerable Software and Affected Versions: Axios Cache Interceptor versions prior to 1.11.1. Description: Axios Cache Interceptor, a cache interceptor for axios, improperly handles responses with the Vary: Authorization header. Prior to version 1.11.1, the cache key was generated solely...
EUVD-2024-37891
Malicious code in bioql PyPI...
CVE-2024-39305
Envoy vulnerability CVE-2024-39305: In versions prior to 1.30.4, 1.29.7, 1.28.5, and 1.27.7, there is a use-after-free when route hash policy is configured with cookie attributes. During request processing Envoy may copy content from de-allocated memory into the request cookie header, potentially...
Consul Envoy Extension Downstream Proxy Configuration By Upstream Service Owner
...
Cross site request forgery (csrf)
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, Envoy does not sanitize or escape request properties when generating request headers. This can lead to characters that are illegal in header values ...
CVE-2023-27493 Envoy doesn't escape HTTP header values
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, Envoy does not sanitize or escape request properties when generating request headers. This can lead to characters that are illegal in header values ...
Consul Server Panic when Ingress and API Gateways Configured with Peering Connections
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) in which an authenticated user with service:write permissions could trigger a workflow that causes Consul server and client agents to crash under certain circumstances. To exploit this vulnerability, an attacker requires access to an...
PT-2023-2223 · Hashicorp +2 · Hashicorp Consul +3
Name of the Vulnerable Software and Affected Versions: Consul versions prior to 1.14.5; Consul Enterprise versions prior to 1.14.5. Description: The issue is related to an authenticated user with service:write permissions triggering a workflow that causes the Consul server and client agents to cras...
fastify-http-proxy input validation error vulnerability
fastify-http-proxy is an open source application. It is used to forward all incoming requests with a given prefix or no prefix to the upstream. A security vulnerability exists in fastify-http-proxy that stems from the ability to escape the prefix of a proxy backend service by creating ...
Mandriva Update for pidgin MDVA-2010:232 (pidgin)
Check for the Version of pidgin. OpenVAS Vulnerability Test: Mandriva Update for pidgin MDVA-2010:232 (pidgin). Authors: System Generated Check. Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under th...
Botnet Herder PROXIEZ Goes Offline
One of the internet’s most resilient and crimeware-friendly networks PROXIEZ-NET was knocked offline after the plug was pulled on its upstream service provider, security watchers said. Read the full article. The Register...