16 matches found
CVE-2026-47358
Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery SSRF via external URL resolution in uploaded IaC templates when running in server mode. When Terrascan parses uploaded ARM templates or CloudFormation templates, it resolves external URLs referenced within those templates v...
CVE-2026-47358
Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery SSRF via external URL resolution in uploaded IaC templates when running in server mode. When Terrascan parses uploaded ARM templates or CloudFormation templates, it resolves external URLs referenced within those templates v...
PT-2026-41954
Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery SSRF via external URL resolution in uploaded IaC templates when running in server mode. When Terrascan parses uploaded ARM templates or CloudFormation templates, it resolves external URLs referenced within those templates v...
Server-Side Request Forgery (SSRF)
apache.nms.amqp is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper URL resolution in the createRequestUrl function that treats paths beginning with // or \ as schema-relative URLs, which allows an attacker to override the intended base URL and force the server...
Server-Side Request Forgery (SSRF)
@angular/ssr is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper URL resolution in the createRequestUrl function that treats paths beginning with // or \ as schema-relative URLs, which allows an attacker to override the intended base URL and force the server to...
EUVD-2025-34823
Angular SSR has a Server-Side Request Forgery SSRF flaw...
Angular SSR has a Server-Side Request Forgery (SSRF) flaw
Impact The vulnerability is a Server-Side Request Forgery SSRF flaw within the URL resolution mechanism of Angular's Server-Side Rendering package @angular/ssr. The function createRequestUrl uses the native URL constructor. When an incoming request path e.g., originalUrl or url begins with a doub...
GHSA-Q63Q-PGMF-MXHR Angular SSR has a Server-Side Request Forgery (SSRF) flaw
Impact The vulnerability is a Server-Side Request Forgery SSRF flaw within the URL resolution mechanism of Angular's Server-Side Rendering package @angular/ssr. The function createRequestUrl uses the native URL constructor. When an incoming request path e.g., originalUrl or url begins with a doub...
CVE-2025-62427
CVE-2025-62427 describes a Server-Side Request Forgery in Angular SSR. The vulnerability arises in the @angular/ssr package where createRequestUrl uses the native URL constructor; if an incoming request path starts with // or \, the URL becomes schema-relative, causing the attacker-controlled hos...
CVE-2025-62427 Server-Side Request Forgery (SSRF) in Angular SSR
The Angular SSR is a server-rise rendering tool for Angular applications. The vulnerability is a Server-Side Request Forgery SSRF flaw within the URL resolution mechanism of Angular's Server-Side Rendering package @angular/ssr before 19.2.18, 20.3.6, and 21.0.0-next.8. The function createRequestU...
CVE-2025-62427 Server-Side Request Forgery (SSRF) in Angular SSR
The Angular CLI is a command-line interface tool for Angular applications. The vulnerability is a Server-Side Request Forgery SSRF flaw within the URL resolution mechanism of Angular's Server-Side Rendering package @angular/ssr before 19.2.18, 20.3.6, and 21.0.0-next.8. The function...
Open Redirect
silverstripe/framework is vulnerable to Open Redirect. The vulnerability is due to using the X-Forwarded-Host HTTP header in place of the actual HTTP hostname, potentially allowing attackers to alter URL resolution resulting in arbitrary redirections...
GHSA-25GQ-JVX2-VG9X Silverstripe X-Forwarded-Host request hostname injection
A potential hostname injection vulnerability has been found which could allow attackers to alter url resolution. If a request contains the X-Forwarded-Host HTTP header a website would then use its value in place of the actual HTTP hostname. In cases where caching is enabled, this could allow an...
PT-2024-40008 · Nginx · Nginx
Name of the Vulnerable Software and Affected Versions: No specific software name or version is mentioned, so the description is not applicable in this section. Description: A potential hostname injection issue has been discovered, which could allow attackers to alter URL resolution. If a request...
@hono/node-server cannot handle "double dots" in URL
Impact Since v1.3.0, we use our own Request object. This is great, but the url behavior is unexpected. In the standard API, if the URL contains .., here called "double dots", the URL string returned by Request will be in the resolved path. ts const req = new...
CSRF bypass
Description URL parsing with Qwik uses the new URLa, b constructor. A little-known fact about this constructor is that if an attacker controls a they have complete control of the finally resolved URL. For example: const url = new URLattackervalue, "http://localhost" By entering //test.com, we can...