10 matches found
CVE-2026-44372
Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could turn a redirect route rule using wildcards rewrite into a cross-host redirect by sliding an extra slash in after the rule prefix. This vulnerability is fixed in 3.0.260429-beta...
CVE-2026-44372 Nitro: Open Redirect via Protocol-Relative URL Bypass in Wildcard Route Rules
Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could turn a redirect route rule using wildcards rewrite into a cross-host redirect by sliding an extra slash in after the rule prefix. This vulnerability is fixed in 3.0.260429-beta...
NPM: Nitro has an Open Redirect via Protocol-Relative URL Bypass in Wildcard Route Rules
NPM: Nitro has an Open Redirect via Protocol-Relative URL Bypass in Wildcard Route Rules vulnerability discovered by ? in WordPress Npm nitro versions 3.0.260429-beta...
SUSE CVE-2015-7581
actionpack/lib/actiondispatch/routing/routeset.rb in Action Pack in Ruby on Rails 4.x before 4.2.5.1 and 5.x before 5.0.0.beta1.1 allows remote attackers to cause a denial of service superfluous caching and memory consumption by leveraging an application's use of a wildcard controller route...
StaticHandler disclosure of classpath resources on Windows when mounted on a wildcard route
Summary When running vertx web applications that serve files using StaticHandler on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard then an attacker can exfiltrate any class path resource. Details When computing the relative path to locate the resource, in cas...
CVE-2023-24815 Disclosure of classpath resources on Windows when mounted on a wildcard route in vertx-web
Vert.x-Web is a set of building blocks for building web applications in the java programming language. When running vertx web applications that serve files using StaticHandler on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard then an attacker can exfiltrate a...
GHSA-544J-77X9-H938 Moderate severity vulnerability that affects actionpack
Withdrawn, accidental duplicate publish. actionpack/lib/actiondispatch/routing/routeset.rb in Action Pack in Ruby on Rails 4.x before 4.2.5.1 and 5.x before 5.0.0.beta1.1 allows remote attackers to cause a denial of service superfluous caching and memory consumption by leveraging an application's...
CVE-2015-7581
actionpack/lib/actiondispatch/routing/routeset.rb in Action Pack in Ruby on Rails 4.x before 4.2.5.1 and 5.x before 5.0.0.beta1.1 allows remote attackers to cause a denial of service superfluous caching and memory consumption by leveraging an application's use of a wildcard controller route...
DEBIAN-CVE-2015-7581
actionpack/lib/actiondispatch/routing/routeset.rb in Action Pack in Ruby on Rails 4.x before 4.2.5.1 and 5.x before 5.0.0.beta1.1 allows remote attackers to cause a denial of service superfluous caching and memory consumption by leveraging an application's use of a wildcard controller route...
UBUNTU-CVE-2015-7581
actionpack/lib/actiondispatch/routing/routeset.rb in Action Pack in Ruby on Rails 4.x before 4.2.5.1 and 5.x before 5.0.0.beta1.1 allows remote attackers to cause a denial of service superfluous caching and memory consumption by leveraging an application's use of a wildcard controller route...