Lucene search
K

4 matches found

Snyk
Snyk
added 2026/05/06 11:1 p.m.10 views

Directory Traversal

Overview nitropack is a Build and Deploy Universal JavaScript Servers Affected versions of this package are vulnerable to Directory Traversal via the routeRules function. An attacker can access files or endpoints outside the intended proxy scope by sending specially crafted URLs containing...

6.9CVSS6.3AI score0.00392EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/06 11:1 p.m.8 views

Nitro has a proxy scope bypass via percent-encoded path traversal in `routeRules`

A proxy route rule like: ts routeRules: "/api/orders/": proxy: to: "http://upstream/orders/" is intended to limit the proxy to URLs under /api/orders/. Before the patch, an attacker could bypass that scope by sending percent-encoded path traversal ..%2f in the URL, causing Nitro to forward a...

5.3CVSS5.8AI score0.00392EPSS
Exploits0References7Affected Software2
Github Security Blog
Github Security Blog
added 2022/02/15 1:57 a.m.25 views

Authorization bypass in Istio

In Istio 1.5.0 though 1.5.8 and Istio 1.6.0 through 1.6.7, when users specify an AuthorizationPolicy resource with DENY actions using wildcard suffixes e.g. -some-suffix for source principals or namespace fields, callers will never be denied access, bypassing the intended policy. Specific Go...

6.8CVSS6.5AI score0.011EPSS
Exploits1References10Affected Software1
Prion
Prion
added 2020/10/01 5:15 p.m.18 views

Code injection

In Istio 1.5.0 though 1.5.8 and Istio 1.6.0 through 1.6.7, when users specify an AuthorizationPolicy resource with DENY actions using wildcard suffixes e.g. -some-suffix for source principals or namespace fields, callers will never be denied access, bypassing the intended policy...

4.9CVSS6.6AI score0.011EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder