521 matches found

Snyk
added 2025/05/28 2:25 p.m. · 1 view

Directory Traversal

Overview github.com/containous/traefik/pkg/server is a server package for traefik, a cloud native edge router. Affected versions of this package are vulnerable to Directory Traversal when using the PathPrefix, Path, or PathRegex route matchers. An attacker can target a backend exposed using anoth...

CVSS 6.3 · AI score 7.7 · EPSS 0.00784
Exploits 0 · References 2
Github Security Blog
added 2025/05/28 2:25 p.m. · 38 views

Traefik allows path traversal using url encoding

Impact There is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backend using a matcher based on the path, if the URL contains a URL encoded string in its path, it’s possible to target ...

CVSS 9.1 · AI score 6.2 · EPSS 0.00784
Exploits 0 · References 6 · Affected Software 3
OSV
added 2025/05/28 2:25 p.m. · 3 views

GHSA-VRCH-868G-9JX5 Traefik allows path traversal using url encoding

Impact There is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backend using a matcher based on the path, if the URL contains a URL encoded string in its path, it’s possible to target ...

CVSS 6.3 · AI score 6.9 · EPSS 0.00784
Exploits 0 · References 6
Positive Technologies
added 2025/05/28 12:00 a.m. · 2 views

PT-2025-23099 · Traefik · Traefik

Name of the Vulnerable Software and Affected Versions: Traefik versions prior to 2.11.25 Traefik versions prior to 3.4.1 Description: There is a potential issue in Traefik when managing requests using a PathPrefix, Path or PathRegex matcher. If the URL contains a URL encoded string in its path,...

CVSS 6.3 · AI score 6 · EPSS 0.00784
Exploits 0 · References 14
Positive Technologies
added 2025/05/28 12:00 a.m. · 4 views

PT-2025-23052 · Apache · Apache Inlong

Name of the Vulnerable Software and Affected Versions: Apache InLong versions 1.13.0 through 2.1.0 Description: The issue is related to the deserialization of untrusted data in Apache InLong, which can lead to the bypass of JDBC URL encoding and backspace. This can potentially cause security...

CVSS 6.5 · AI score 6.4 · EPSS 0.00671
Exploits 0 · References 13
RedhatCVE
added 2025/05/23 8:18 a.m. · 5 views

CVE-2024-10100

A path traversal vulnerability exists in binary-husky/gptacademic version 3.83. The vulnerability is due to improper handling of the file parameter, which is open to path traversal through URL encoding. This allows attackers to view any file on the host system, including sensitive files such as...

CVSS 7.5 · AI score 6.8 · EPSS 0.00612
Exploits 1 · References 1
RedhatCVE
added 2025/05/23 7:30 a.m. · 3 views

CVE-2024-48866

An improper handling of URL encoding Hex Encoding vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to run the system into unexpected state. We have already fixed the vulnerability in the following...

CVSS 2.3 · AI score 7 · EPSS 0.00423
Exploits 0
RedhatCVE
added 2025/05/23 6:28 a.m. · 2 views

CVE-2024-23983

Improper handling of canonical URL-encoding may lead to bypass not properly constrained by request rules...

CVSS 5.8 · AI score 6.9 · EPSS 0.00413
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 1:58 a.m. · 5 views

CVE-2023-47106

Traefik is an open source HTTP reverse proxy and load balancer. When a request is sent to Traefik with a URL fragment, Traefik automatically URL encodes and forwards the fragment to the backend server. This violates RFC 7230 because in the origin-form the URL should only contain the absolute path...

CVSS 6.5 · AI score 6.7 · EPSS 0.00625
Exploits 1 · References 1
RedhatCVE
added 2025/05/22 5:24 p.m. · 2 views

CVE-2020-11821

In Rukovoditel 2.5.2, users' passwords and usernames are stored in a cookie with URL encoding, base64 encoding, and hashing. Thus, an attacker can easily apply brute force on them...

CVSS 5.3 · AI score 5.6 · EPSS 0.01103
Exploits 1 · References 1
RedhatCVE
added 2025/05/22 3:11 p.m. · 5 views

CVE-2020-12409

When using certain blank characters in a URL, they were incorrectly rendered as spaces instead of an encoded URL. This vulnerability affects Firefox 77...

CVSS 8.8 · AI score 6.2 · EPSS 0.0102
Exploits 0
RedhatCVE
added 2025/05/22 8:43 a.m. · 6 views

CVE-2019-5590

The URL part of the report message is not encoded in Fortinet FortiWeb 6.0.2 and below which may allow an attacker to execute unauthorized code or commands Cross Site Scripting via attack reports generated in HTML form...

CVSS 6.1 · AI score 7.3 · EPSS 0.00965
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 7:53 a.m. · 6 views

CVE-2019-18209

templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not encode the path of the URL, as demonstrated by Internet Explorer...

CVSS 6.1 · AI score 6.1 · EPSS 0.00679
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 4:16 a.m. · 5 views

CVE-2012-6431

Symfony 2.0.x before 2.0.20 does not process URL encoded data consistently within the Routing and Security components, which allows remote attackers to bypass intended URI restrictions via a doubly encoded string...

CVSS 6.4 · AI score 6.8 · EPSS 0.01876
Exploits 0 · References 1
RedhatCVE
added 2025/03/22 12:47 p.m. · 8 views

CVE-2024-8021

An open redirect vulnerability exists in the latest version of gradio-app/gradio. The vulnerability allows an attacker to redirect users to a malicious website by URL encoding. This can be exploited by sending a crafted request to the application, which results in a 302 redirect to an...

CVSS 6.1 · AI score 6.6 · EPSS 0.00723
Exploits 1 · References 1
OSV
added 2025/03/20 12:32 p.m. · 5 views

GHSA-7V2W-H4GH-W5CV Gradio Vulnerable to Open Redirect

An open redirect vulnerability exists in the latest version of gradio-app/gradio. The vulnerability allows an attacker to redirect users to a malicious website by URL encoding. This can be exploited by sending a crafted request to the application, which results in a 302 redirect to an...

CVSS 5.4 · AI score 6.8 · EPSS 0.00723
Exploits 1 · References 3
NVD
added 2025/03/20 10:15 a.m. · 6 views

CVE-2024-8021

An open redirect vulnerability exists in the latest version of gradio-app/gradio. The vulnerability allows an attacker to redirect users to a malicious website by URL encoding. This can be exploited by sending a crafted request to the application, which results in a 302 redirect to an...

CVSS 6.1 · EPSS 0.00723
Exploits 1 · References 1
CVE
added 2025/03/20 10:11 a.m. · 88 views

CVE-2024-8021

CVE-2024-8021 is an open redirect vulnerability in gradio-app/gradio identified across multiple sources. The issue allows an attacker to trigger a 302 redirect to a malicious site by exploiting URL encoding, effectively steering users to attacker-controlled destinations via crafted requests. Affe...

CVSS 6.1 · AI score 6.6 · EPSS 0.00723
Exploits 1 · References 1 · Affected Software 1
Cvelist
added 2025/03/20 10:11 a.m. · 10 views

CVE-2024-8021 Open Redirect in gradio-app/gradio

An open redirect vulnerability exists in the latest version of gradio-app/gradio. The vulnerability allows an attacker to redirect users to a malicious website by URL encoding. This can be exploited by sending a crafted request to the application, which results in a 302 redirect to an...

CVSS 5.4 · EPSS 0.00723
Exploits 1 · References 1
Ubuntu
added 2025/03/13 2:45 p.m. · 12 views

USN-7351-1: RESTEasy vulnerabilities

Nikos Papadopoulos discovered that RESTEasy improperly handled URL encoding when certain errors occur. An attacker could possibly use this issue to modify the app's behavior for other users through the network. CVE-2020-10688 Mirko Selber discovered that RESTEasy improperly validated user input...

CVSS 7.5 · AI score 7.2 · EPSS 0.02023
Exploits 1