Lucene search
K

204 matches found

Debian CVE
Debian CVE
added 2025/01/31 5:51 p.m.153 views

CVE-2025-0938

The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in...

6.3CVSS6.4AI score0.01499EPSS
Exploits0
F5 Networks
F5 Networks
added 2024/11/20 9:7 p.m.25 views

K000148643: Curl vulnerability CVE-2022-27780

Security Advisory Description The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a different URL usingthe wrong host name when it is later retrieved.For example, a URL like http://example.com%2F127.0.0.1/, would be allow...

7.5CVSS6.6AI score0.02187EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2024/11/12 11:5 p.m.24 views

CVE-2024-11168

A flaw was found in Python. The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts , allowing hosts that weren't IPv6 or IPvFuture compliant. This behavior was not conformant to RFC 3986 and was potentially vulnerable to server-side request forgery SSRF if a URL is...

3.7CVSS9.2AI score0.0067EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2024/11/12 9:22 p.m.19 views

CVE-2024-11168

The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts , allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser...

6.3CVSS6.4AI score0.0067EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2024/11/12 9:22 p.m.15 views

CVE-2024-11168 Improper validation of IPv6 and IPvFuture addresses

The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts , allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser...

6.3CVSS6.8AI score0.0067EPSS
Exploits0References7
OSV
OSV
added 2024/11/12 9:22 p.m.18 views

PSF-2024-13

The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts , allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser...

6.3CVSS6.4AI score0.0067EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/05/28 12:0 a.m.7 views

PT-2024-4148 · Apache · Apache Directory Ldap Api

Name of the Vulnerable Software and Affected Versions: Apache Directory LDAP API affected versions not specified Description: The issue is related to a lack of control over user-input data in the LDAP URL parser component. This can be exploited by a remote attacker to cause a denial of service...

7.8CVSS7.1AI score
Exploits0References3
Veracode
Veracode
added 2024/05/10 3:50 p.m.22 views

Regular Expression Denial Of Service (ReDoS)

s3-url-parser is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability is due to a regex with inefficient complexity, allowing an attacker to craft long s3 URLS that triggers excessive resource consumption, leading to denial of service...

7.5CVSS6.9AI score0.00593EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2024/05/01 9:30 p.m.4 views

@alezanai/torquator (>=1.0.0 <=1.5.0), singwareplayercreator (=1.1.0) potentially affected by CVE-2024-25355 via s3-url-parser (=1.0.3)

s3-url-parser NPM version =1.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on s3-url-parser and may be impacted: - @alezanai/torquator =1.0.0, =1.5.0 - singwareplayercreator =1.1.0 Source cves: CVE-2024-25355 Source advisory: OSV:GHSA-R4Q9-XX5G-J24P...

7.5CVSS7.1AI score0.00593EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2024/05/01 9:30 p.m.17 views

s3-url-parser vulnerable to Denial of Service via regexes component

s3-url-parser 1.0.3 is vulnerable to denial of service via the regexes component...

7.5CVSS6.9AI score0.00593EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2024/05/01 7:15 p.m.17 views

CVE-2024-25355

s3-url-parser 1.0.3 is vulnerable to Denial of service via the regexes component...

7.5CVSS6.5AI score0.00593EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/05/01 12:0 a.m.6 views

npm s3-url-parser 安全漏洞

npm s3-url-parser is a library from npm USA. It is used to bring up information from S3 URLs in any format. A security vulnerability exists in npm s3-url-parser version 1.0.3, which stems from the application's vulnerability to denial-of-service attacks with regular expression components...

7.5CVSS7.8AI score0.00593EPSS
Exploits0References2
CVE
CVE
added 2024/05/01 12:0 a.m.72 views

CVE-2024-25355

CVE-2024-25355 affects s3-url-parser 1.0.3 with a Regular Expression Denial Of Service (ReDoS) via the regexes component. The connected IBM Red Hat bulletin lists affected product: IBM Cloud Pak for Multicloud Management (CP4MCM) 2.3 to 2.3 FP8, with remediation to upgrade to 2.3 Fix Pack 9. The ...

7.5CVSS6.7AI score0.00593EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/01 12:0 a.m.11 views

CVE-2024-25355

s3-url-parser 1.0.3 is vulnerable to Denial of service via the regexes component...

6.8AI score0.00593EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/05/01 12:0 a.m.11 views

PT-2024-20899 · Unknown · S3-Url-Parser

Name of the Vulnerable Software and Affected Versions: s3-url-parser version 1.0.3 Description: The issue is related to a denial of service via the regexes component. Recommendations: For s3-url-parser version 1.0.3, consider disabling the regexes component as a temporary workaround until a patch...

7.5CVSS9.1AI score0.00593EPSS
Exploits0References7
Cvelist
Cvelist
added 2024/05/01 12:0 a.m.25 views

CVE-2024-25355

s3-url-parser 1.0.3 is vulnerable to Denial of service via the regexes component...

6.7AI score0.00593EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/04/27 12:0 a.m.40 views

RHEL 7 : rh-nodejs8-nodejs (RHSA-2019:1821)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1821 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

7.5CVSS7.4AI score0.41288EPSS
Exploits1References14
Tenable Nessus
Tenable Nessus
added 2024/01/03 12:0 a.m.32 views

GitLab 6.6 < 15.5.7 / 15.6 < 15.6.4 / 15.7 < 15.7.2 (CVE-2022-3514)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions starting from 6.6 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. An...

5.3CVSS5.6AI score0.00842EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/10/16 12:0 a.m.33 views

Ubuntu 16.04 ESM / 18.04 ESM : Node.js vulnerabilities (USN-4796-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4796-1 advisory. Alexander Minozhenko and James Bunton discovered that Node.js did not properly handle wildcards in name fields of X.509 TLS certificates. An...

8.8CVSS7.2AI score0.41288EPSS
Exploits0References10
Veracode
Veracode
added 2023/05/17 8:56 a.m.19 views

Regular Expression Denial Of Service (ReDoS)

giturlparse is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability exists in giturlparser.py which allows an attacker to send a payload in a URL which can cause an application crash due to inefficient regular expression complexity...

7.5CVSS6.7AI score0.01033EPSS
Exploits0References7Affected Software2
Rows per page
Query Builder