GHSA-34XG-WGJX-8XPH guzzlehttp/psr7 has Host Confusion via Authority Reinterpretation

Impact guzzlehttp/psr7 improperly interpreted malformed Host header values when constructing request URIs from inbound request data. This issue concerns inbound request parsing and server request construction. It does not require serializing a PSR-7 request, and it is not part of the normal...

SUSE CVE-2019-11717

A vulnerability exists where the caret "^" character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8...

Design/Logic Flaw

In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for httplib2.Http.request could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as...

UBUNTU-CVE-2020-11078

In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for httplib2.Http.request could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as...

CVE-2019-11717

A vulnerability exists where the caret "^" character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8...

Mozilla: Caret character improperly escaped in origins

A vulnerability exists where the caret "^" character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8...

CVE-2019-11717

A vulnerability exists where the caret "^" character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8...

Mozilla Firefox < 68.0

The version of Firefox installed on the remote Windows host is prior to 68.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-21 advisory. - Until explicitly accessed by script, window.globalThis is not enumerable and, as a result, is not visible to code such ...