CVE-2024-11168 Improper validation of IPv6 and IPvFuture addresses
The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts, allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser...
PSF-2024-13
The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts, allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser...
PT-2024-4148 · Apache · Apache Directory Ldap Api
Name of the Vulnerable Software and Affected Versions: Apache Directory LDAP API (affected versions not specified). Description: The issue is related to a lack of control over user-input data in the LDAP URL parser component. This can be exploited by a remote attacker to cause a denial of service...
Regular Expression Denial Of Service (ReDoS)
s3-url-parser is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to a regex with inefficient complexity, allowing an attacker to craft long S3 URLs that trigger excessive resource consumption, leading to denial of service...
s3-url-parser vulnerable to Denial of Service via regexes component
s3-url-parser 1.0.3 is vulnerable to denial of service via the regexes component...
@alezanai/torquator (>=1.0.0 <=1.5.0), singwareplayercreator (=1.1.0) potentially affected by CVE-2024-25355 via s3-url-parser (=1.0.3)
s3-url-parser NPM version =1.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on s3-url-parser and may be impacted: @alezanai/torquator >=1.0.0 <=1.5.0; singwareplayercreator =1.1.0. Source CVEs: CVE-2024-25355. Source advisory: OSV:GHSA-R4Q9-XX5G-J24P...
CVE-2024-25355
s3-url-parser 1.0.3 is vulnerable to Denial of service via the regexes component...
CVE-2024-25355
CVE-2024-25355 affects s3-url-parser 1.0.3 with a Regular Expression Denial Of Service (ReDoS) via the regexes component. The connected IBM Red Hat bulletin lists affected product: IBM Cloud Pak for Multicloud Management (CP4MCM) 2.3 to 2.3 FP8, with remediation to upgrade to 2.3 Fix Pack 9. The ...
npm s3-url-parser security vulnerability
npm s3-url-parser is a library from npm USA. It is used to extract information from S3 URLs in any format. A security vulnerability exists in npm s3-url-parser version 1.0.3, which stems from the application being vulnerable to denial-of-service attacks through its regular expression components...
PT-2024-20899 · Unknown · S3-Url-Parser
Name of the Vulnerable Software and Affected Versions: s3-url-parser version 1.0.3. Description: The issue is related to a denial of service via the regexes component. Recommendations: For s3-url-parser version 1.0.3, consider disabling the regexes component as a temporary workaround until a patch...
RHEL 7 : rh-nodejs8-nodejs (RHSA-2019:1821)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1821 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
GitLab 6.6 < 15.5.7 / 15.6 < 15.6.4 / 15.7 < 15.7.2 (CVE-2022-3514)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions starting from 6.6 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. An...
Ubuntu 16.04 ESM / 18.04 ESM : Node.js vulnerabilities (USN-4796-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4796-1 advisory. Alexander Minozhenko and James Bunton discovered that Node.js did not properly handle wildcards in name fields of X.509 TLS certificates. An...
Regular Expression Denial Of Service (ReDoS)
giturlparse is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability exists in giturlparser.py, which allows an attacker to send a payload in a URL that can cause an application crash due to inefficient regular expression complexity...
Amazon Linux 2023 : curl, curl-minimal, libcurl (ALAS2023-2023-083)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-083 advisory. 2024-02-15: CVE-2022-27781 was added to this advisory. A vulnerability was found in curl. This security flaw allows reusing OAUTH2-authenticated connections without properly ensuring that the...
SUSE CVE-2018-12123
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" e.g. "javAscript:" protoc...
SUSE CVE-2022-40960
Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...
GitLab < 15.5.7 / 15.6 < 15.6.4 / 15.7 < 15.7.2 DoS (CVE-2022-3514)
The version of GitLab installed on the remote host is prior to 15.5.7, 15.6.4, 15.7.2. It is, therefore, affected by a denial of service vulnerability as referenced in the SECURITY-RELEASE-GITLAB-15-7-2-RELEASED advisory. - An issue has been discovered in GitLab CE/EE affecting all versions...