204 matches found
CVE-2025-0938
The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in...
K000148643: Curl vulnerability CVE-2022-27780
Security Advisory Description The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a different URL usingthe wrong host name when it is later retrieved.For example, a URL like http://example.com%2F127.0.0.1/, would be allow...
CVE-2024-11168
A flaw was found in Python. The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts , allowing hosts that weren't IPv6 or IPvFuture compliant. This behavior was not conformant to RFC 3986 and was potentially vulnerable to server-side request forgery SSRF if a URL is...
CVE-2024-11168
The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts , allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser...
CVE-2024-11168 Improper validation of IPv6 and IPvFuture addresses
The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts , allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser...
PSF-2024-13
The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts , allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser...
PT-2024-4148 · Apache · Apache Directory Ldap Api
Name of the Vulnerable Software and Affected Versions: Apache Directory LDAP API affected versions not specified Description: The issue is related to a lack of control over user-input data in the LDAP URL parser component. This can be exploited by a remote attacker to cause a denial of service...
Regular Expression Denial Of Service (ReDoS)
s3-url-parser is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability is due to a regex with inefficient complexity, allowing an attacker to craft long s3 URLS that triggers excessive resource consumption, leading to denial of service...
@alezanai/torquator (>=1.0.0 <=1.5.0), singwareplayercreator (=1.1.0) potentially affected by CVE-2024-25355 via s3-url-parser (=1.0.3)
s3-url-parser NPM version =1.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on s3-url-parser and may be impacted: - @alezanai/torquator =1.0.0, =1.5.0 - singwareplayercreator =1.1.0 Source cves: CVE-2024-25355 Source advisory: OSV:GHSA-R4Q9-XX5G-J24P...
s3-url-parser vulnerable to Denial of Service via regexes component
s3-url-parser 1.0.3 is vulnerable to denial of service via the regexes component...
CVE-2024-25355
s3-url-parser 1.0.3 is vulnerable to Denial of service via the regexes component...
npm s3-url-parser 安全漏洞
npm s3-url-parser is a library from npm USA. It is used to bring up information from S3 URLs in any format. A security vulnerability exists in npm s3-url-parser version 1.0.3, which stems from the application's vulnerability to denial-of-service attacks with regular expression components...
CVE-2024-25355
CVE-2024-25355 affects s3-url-parser 1.0.3 with a Regular Expression Denial Of Service (ReDoS) via the regexes component. The connected IBM Red Hat bulletin lists affected product: IBM Cloud Pak for Multicloud Management (CP4MCM) 2.3 to 2.3 FP8, with remediation to upgrade to 2.3 Fix Pack 9. The ...
CVE-2024-25355
s3-url-parser 1.0.3 is vulnerable to Denial of service via the regexes component...
PT-2024-20899 · Unknown · S3-Url-Parser
Name of the Vulnerable Software and Affected Versions: s3-url-parser version 1.0.3 Description: The issue is related to a denial of service via the regexes component. Recommendations: For s3-url-parser version 1.0.3, consider disabling the regexes component as a temporary workaround until a patch...
CVE-2024-25355
s3-url-parser 1.0.3 is vulnerable to Denial of service via the regexes component...
RHEL 7 : rh-nodejs8-nodejs (RHSA-2019:1821)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1821 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
GitLab 6.6 < 15.5.7 / 15.6 < 15.6.4 / 15.7 < 15.7.2 (CVE-2022-3514)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions starting from 6.6 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. An...
Ubuntu 16.04 ESM / 18.04 ESM : Node.js vulnerabilities (USN-4796-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4796-1 advisory. Alexander Minozhenko and James Bunton discovered that Node.js did not properly handle wildcards in name fields of X.509 TLS certificates. An...
Regular Expression Denial Of Service (ReDoS)
giturlparse is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability exists in giturlparser.py which allows an attacker to send a payload in a URL which can cause an application crash due to inefficient regular expression complexity...