2 matches found
GHSA-Q9F5-625G-XM39 OWASP Coraza WAF has parser confusion which leads to wrong URI in `REQUEST_FILENAME`
Summary URLs starting with // are not parsed properly, and the request REQUESTFILENAME variable contains a wrong value, leading to potential rules bypass. Details If a request is made on an URI starting with //, coraza will set a wrong value in REQUESTFILENAME. For example, if the URI...
CVE-2020-6827
When following a link that opened an intent://-schemed URL, causing a custom tab to be opened, Firefox for Android could be tricked into displaying the incorrect URI. Note: This issue only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox ESR...