Lucene search
K

51 matches found

OSV
OSV
added 2025/04/24 4:7 p.m.5 views

GHSA-VQFR-H8MV-GHFJ h11 accepts some malformed Chunked-Encoding bodies

Impact A leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. Details HTTP/1.1 Chunked-Encoding bodies are formatted as a sequence of "chunks", each of which consists of: - chunk length - \r\n - leng...

9.1CVSS6.8AI score0.00527EPSS
Exploits0References4
FreeBSD
FreeBSD
added 2025/04/24 12:0 a.m.6 views

h11 accepts some malformed Chunked-Encoding bodies

h11 reports: h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. This issue has been patched in version 0.16.0. Since...

9.1CVSS9.5AI score0.00527EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/21 12:0 a.m.4 views

PT-2025-17448 · Traefik · Traefik

Name of the Vulnerable Software and Affected Versions: Traefik versions prior to 2.11.24 Traefik versions prior to 3.3.6 Traefik versions prior to 3.4.0-rc2 Description: The issue concerns Traefik, an HTTP reverse proxy and load balancer, where a potential vulnerability exists in managing request...

9.9CVSS4.5AI score0.00955EPSS
Exploits1References44
Amazon
Amazon
added 2025/04/16 12:0 a.m.25 views

Important: golang

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

9.1CVSS7.1AI score0.00778EPSS
Exploits0
NVD
NVD
added 2025/04/03 9:15 a.m.12 views

CVE-2024-53868

Apache Traffic Server allows request smuggling if chunked messages are malformed. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.9, from 10.0.0 through 10.0.4. Users are recommended to upgrade to version 9.2.10 or 10.0.5, which fixes the issue...

7.5CVSS0.00626EPSS
Exploits0References2
NVD
NVD
added 2025/03/20 10:15 a.m.8 views

CVE-2024-6827

Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning, data...

7.5CVSS0.00738EPSS
Exploits0References1
OSV
OSV
added 2025/03/20 10:10 a.m.9 views

CVE-2024-6866 Case-Insensitive Path Matching in corydolphin/flask-cors

corydolphin/flask-cors version 4.01 contains a vulnerability where the request path matching is case-insensitive due to the use of the trymatch function, which is originally intended for matching hosts. This results in a mismatch because paths in URLs are case-sensitive, but the regex matching...

5.3CVSS6.5AI score0.00642EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/02/05 2:0 p.m.7 views

CVE-2020-4074

In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, the authentication system is malformed and an attacker is able to forge requests and execute admin commands. The problem is fixed in 1.7.6.6...

10CVSS7AI score0.01761EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/11/18 12:0 a.m.8 views

PT-2024-8690

Name of the Vulnerable Software and Affected Versions aiohttp versions prior to 3.10.11 Description aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A flaw exists in the Python parser's handling of newlines within chunk extensions, potentially leading to request...

8.2CVSS7.1AI score0.01085EPSS
Exploits0References214
Cvelist
Cvelist
added 2024/08/12 12:0 a.m.17 views

CVE-2024-42627

FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /admin/?/snippet/delete/3...

0.00279EPSS
Exploits1References1
OSV
OSV
added 2022/10/01 5:48 p.m.9 views

MGASA-2022-0349 Updated perl-HTTP-Daemon packages fix security vulnerability

Request smuggling in HTTP::Daemon CVE-2022-31081...

7.3CVSS7.1AI score0.02108EPSS
Exploits1References3
OSV
OSV
added 2022/05/15 10:6 a.m.11 views

MGASA-2022-0182 Updated python-waitress packages fix security vulnerability

When using Waitress versions 2.1.0 and prior behind a proxy that does not properly validate the incoming HTTP request matches the RFC7230 standard, Waitress and the frontend proxy may disagree on where one request starts and where it ends. This would allow requests to be smuggled via the front-en...

7.5CVSS7.4AI score0.01738EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2021/07/29 6:31 a.m.2 views

CVEproject

CV...

5.4AI score
Exploits0
Prion
Prion
added 2021/05/27 9:15 p.m.8 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none...

7.1AI score
Exploits0
Prion
Prion
added 2021/04/09 5:15 p.m.6 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none...

7.1AI score
Exploits0
Prion
Prion
added 2021/04/08 3:15 p.m.5 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019...

7.1AI score
Exploits0
CNVD
CNVD
added 2021/02/22 12:0 a.m.7 views

Unspecified Vulnerability in Rust (CNVD-2021-36329)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in versions of Rust prior to 2.3.0. The vulnerability stems from the possibility of request smuggling when the program is used behind a reverse proxy. No detailed vulnerability...

6.1CVSS6.6AI score0.00815EPSS
Exploits0References1
Prion
Prion
added 2021/01/26 6:15 p.m.7 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none...

7.1AI score
Exploits0
OSV
OSV
added 2019/05/21 4:29 p.m.7 views

CVE-2019-12250

IdentityServer IdentityServer4 through 2.4 has stored XSS via the httpContext to the host/Extensions/RequestLoggerMiddleware.cs LogForErrorContext method, which can be triggered by viewing a log. NOTE: the software maintainer disputes that this is a vulnerability because the request logger is not...

6.1CVSS6AI score
Exploits0References1
NVD
NVD
added 2018/07/05 10:29 p.m.12 views

CVE-2018-13340

Gleez CMS 1.2.0 has CSRF, as demonstrated by a /page/add request...

8.8CVSS8.7AI score0.0065EPSS
Exploits1References1
Rows per page
Query Builder