16 matches found
CVE-2026-39399
NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend job’s handling of .nuspec files within NuGet packages. An attacker can supply a crafted nuspec file with malicious metadata, leading to cross package metadata injection that ma...
CVE-2026-32948
A flaw was found in sbt, a build tool for Scala and Java. On Windows, sbt uses the cmd /c command interpreter to execute version control system VCS commands. A remote attacker can exploit this by providing a specially crafted URI fragment such as a branch, tag, or revision name in the build...
GHSA-X4FF-Q6H8-V7GW sbt: Source dependency feature (via crafted VCS URL) leads to arbitrary code execution on Windows
Summary On Windows, sbt uses Process"cmd", "/c", ... to run VCS commands git, hg, svn. The URI fragment branch, tag, revision is user-controlled via the build definition and passed to these commands without validation. Because cmd /c interprets &, |, and ; as command separators, a malicious...
EUVD-2021-19543
Malware in sbrugna...
CVE-2024-2928
A Local File Inclusion LFI vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../'. An attacker can...
CVE-2024-2928 Local File Inclusion (LFI) via URI Fragment Parsing in mlflow/mlflow
A Local File Inclusion LFI vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../'. An attacker can...
haproxy: untrimmed URI fragments may lead to exposure of confidential data on static servers
HAProxy before 2.8.2 accepts as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a pathend rule, such as routing index.html.png to a static server...
ALSA-2024:1142 Moderate: haproxy security update
The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications. Security Fixes: haproxy: Proxy forwards malformed empty Content-Length headers CVE-2023-40225 haproxy: untrimmed URI fragments may lead to exposure of confidential data on static...
Medium: haproxy
Issue Overview: HAProxy before 2.8.2 accepts as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a pathend rule, such as routing index.html.png to a static server. CVE-2023-45539 Affected...
envoyproxy/envoy: HTTP request with a URL fragment in the URI can bypass authorization policies
An authorization bypass vulnerability was found in envoyproxy/envoy. When a URI path-based authorization policy is specified, envoy incorrectly evaluates the HTTP request which contains a URI fragment. This flaw allows an attacker to bypass the authorization policy and access downstream services...
envoyproxy/envoy: HTTP request with a URL fragment in the URI can bypass authorization policies
An authorization bypass vulnerability was found in envoyproxy/envoy. When a URI path-based authorization policy is specified, envoy incorrectly evaluates the HTTP request which contains a URI fragment. This flaw allows an attacker to bypass the authorization policy and access downstream services...
CVE-2021-39156
An authorization bypass vulnerability was found in istio/istio. An HTTP request is incorrectly evaluated when a URI fragment is specified. This flaw allows an attacker to bypass an Istio URI-based authorization rule. The highest threat from this vulnerability is to confidentiality, integrity, as...
CVE-2021-32779
CVE-2021-32779 affects Envoy, where a URI with a '#fragment' can be misinterpreted as part of the path. In affected Envoy releases prior to 1.18.0, or 1.18.0+ with path_normalization=false, the fragment may be treated as a path suffix (e.g., /admin#foo) and fail path checks, potentially leaking t...
VMware vRealize Operations Manager SSRF和文件读取漏洞(CVE-2021-21975 CVE-2021-21983)
Description On March 30, 2021, VMware published a security advisory for CVE-2021-21975 and CVE-2021-21983, two chainable vulnerabilities in its vRealize Operations Manager product. CVE-2021-21975 is an unauthenticated server-side request forgery SSRF, while CVE-2021-21983 is an authenticated...
Fedora 24 : php-guzzlehttp-guzzle6 (2016-4e7db3d437) (httpoxy)
6.2.1 - 2016-07-18 - Address HTTPPROXY security vulnerability, CVE-2016-5385: https://httpoxy.org/ - Fixing timeout bug with StreamHandler: https://github.com/guzzle/guzzle/pull/1488 - Only read up to Content-Length in PHP StreamHandler to avoid timeouts when a server does not honor Connection:...
HTTP Proxy header vulnerability
Addressing HTTPPROXY security vulnerability, CVE-2016-5385: https://httpoxy.org/. Please update to this version of Guzzle in order to mitigate the vulnerability when sending Guzzle requests inside of a CGI application. - Fixing timeout bug with StreamHandler - Only read up to Content-Length in...