Lucene search
K

10 matches found

NVD
NVD
added 2026/05/13 9:16 p.m.9 views

CVE-2026-44372

Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could turn a redirect route rule using wildcards rewrite into a cross-host redirect by sliding an extra slash in after the rule prefix. This vulnerability is fixed in 3.0.260429-beta...

6.1CVSS0.00237EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/13 8:30 p.m.8 views

CVE-2026-44372 Nitro: Open Redirect via Protocol-Relative URL Bypass in Wildcard Route Rules

Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could turn a redirect route rule using wildcards rewrite into a cross-host redirect by sliding an extra slash in after the rule prefix. This vulnerability is fixed in 3.0.260429-beta...

5.3CVSS5.8AI score0.00237EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/05/06 11:2 p.m.8 views

NPM: Nitro has an Open Redirect via Protocol-Relative URL Bypass in Wildcard Route Rules

NPM: Nitro has an Open Redirect via Protocol-Relative URL Bypass in Wildcard Route Rules vulnerability discovered by ? in WordPress Npm nitro versions 3.0.260429-beta...

5.3CVSS5.8AI score0.00237EPSS
Exploits0References7Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 5:13 a.m.2 views

SUSE CVE-2015-7581

actionpack/lib/actiondispatch/routing/routeset.rb in Action Pack in Ruby on Rails 4.x before 4.2.5.1 and 5.x before 5.0.0.beta1.1 allows remote attackers to cause a denial of service superfluous caching and memory consumption by leveraging an application's use of a wildcard controller route...

7.5CVSS6.8AI score0.06535EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2023/02/10 3:27 a.m.62 views

StaticHandler disclosure of classpath resources on Windows when mounted on a wildcard route

Summary When running vertx web applications that serve files using StaticHandler on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard then an attacker can exfiltrate any class path resource. Details When computing the relative path to locate the resource, in cas...

5.3CVSS5.7AI score0.00919EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2023/02/09 5:36 p.m.7 views

CVE-2023-24815 Disclosure of classpath resources on Windows when mounted on a wildcard route in vertx-web

Vert.x-Web is a set of building blocks for building web applications in the java programming language. When running vertx web applications that serve files using StaticHandler on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard then an attacker can exfiltrate a...

4.8CVSS5.4AI score0.00919EPSS
Exploits1References3
OSV
OSV
added 2018/09/17 9:53 p.m.7 views

GHSA-544J-77X9-H938 Moderate severity vulnerability that affects actionpack

Withdrawn, accidental duplicate publish. actionpack/lib/actiondispatch/routing/routeset.rb in Action Pack in Ruby on Rails 4.x before 4.2.5.1 and 5.x before 5.0.0.beta1.1 allows remote attackers to cause a denial of service superfluous caching and memory consumption by leveraging an application's...

7.5CVSS7.2AI score0.06535EPSS
Exploits0References2
OSV
OSV
added 2016/02/16 2:59 a.m.8 views

CVE-2015-7581

actionpack/lib/actiondispatch/routing/routeset.rb in Action Pack in Ruby on Rails 4.x before 4.2.5.1 and 5.x before 5.0.0.beta1.1 allows remote attackers to cause a denial of service superfluous caching and memory consumption by leveraging an application's use of a wildcard controller route...

7.5CVSS7.2AI score
Exploits0References10
OSV
OSV
added 2016/02/16 2:59 a.m.1 views

DEBIAN-CVE-2015-7581

actionpack/lib/actiondispatch/routing/routeset.rb in Action Pack in Ruby on Rails 4.x before 4.2.5.1 and 5.x before 5.0.0.beta1.1 allows remote attackers to cause a denial of service superfluous caching and memory consumption by leveraging an application's use of a wildcard controller route...

7.5CVSS7.2AI score0.06535EPSS
Exploits0References1
OSV
OSV
added 2016/02/16 2:59 a.m.6 views

UBUNTU-CVE-2015-7581

actionpack/lib/actiondispatch/routing/routeset.rb in Action Pack in Ruby on Rails 4.x before 4.2.5.1 and 5.x before 5.0.0.beta1.1 allows remote attackers to cause a denial of service superfluous caching and memory consumption by leveraging an application's use of a wildcard controller route...

7.5CVSS7.1AI score0.06535EPSS
Exploits0References3
Rows per page
Query Builder