CVE-2026-42551 Flight: HTTP method override enabled by default enables CSRF escalation and middleware bypass in flightphp/core

Flight is an extensible micro-framework for PHP. Prior to 3.18.1, Request::getMethod unconditionally honors the X-HTTP-Method-Override header and the $REQUEST'method' parameter on any HTTP verb including safe verbs such as GET, with no opt-in and no whitelist of permitted target methods. A GET...

EUVD-2018-0315

Malware in sbrugna...

Mozilla: Denial of Access to Static Resources via Cache Poisoning on addons.allizom.org

A cache poisoning vulnerability was identified on addons.allizom.org that allowed an attacker to block access to static resources such as images and JavaScript files. The issue was exploited by processing the X-HTTP-Method-Override header, which was honored by the origin server and treated the...

WP < 6.3.2 - Denial of Service via Cache Poisoning

Description A Denial of Service could occur via Cache Poisoning when the X-HTTP-Method-Override header is sent in a request to the REST API in an heavily cached configuration...

GCP ESPv2 Hit with Critical API Authorization Bypass CVE-2023-30845

This post delves into a very impactful JWT Authentication Bypass vulnerability CVE-2023-30845 found in ESP-v2, an open-source service proxy that provides API management capabilities using Google Service Infrastructure. This vulnerability allows malicious API clients to bypass JWT authentication...

CVE-2023-30845 ESPv2 vulnerable to JWT authentication bypass via `X-HTTP-Method-Override` header

ESPv2 is a service proxy that provides API management capabilities using Google Service Infrastructure. ESPv2 2.20.0 through 2.42.0 contains an authentication bypass vulnerability. API clients can craft a malicious X-HTTP-Method-Override header value to bypass JWT authentication in specific cases...

CVE-2023-30845 ESPv2 vulnerable to JWT authentication bypass via `X-HTTP-Method-Override` header

ESPv2 is a service proxy that provides API management capabilities using Google Service Infrastructure. ESPv2 2.20.0 through 2.42.0 contains an authentication bypass vulnerability. API clients can craft a malicious X-HTTP-Method-Override header value to bypass JWT authentication in specific cases...

Cross site scripting

Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitigate this attack, browsers placed limits on fetch and XMLHttpReques...

AlmaLinux 8 : thunderbird (ALSA-2022:8547)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2022:8547 advisory. - Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined with...

CVE-2022-45411

The Mozilla Foundation Security Advisory describes this flaw as: Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitiga...

CVE-2022-45411

Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitigate this attack, browsers placed limits on fetch and XMLHttpReques...

GitLab: Cache poisoning Denial of Service affecting assets.gitlab-static.net

Summary Hi, Gitlab.com is hosting JS and CSS on https://assets.gitlab-static.net/ and uses them on gitlab.com/ The static files seem to be stored on a gcp host, which by default accepts the x-http-method-override header. Since the CDN is using Varnish to cache files, I was able to combine the GCP...

CVE-2019-19326

Silverstripe CMS sites through 4.4.4 which have opted into HTTP Cache Headers on responses served by the framework's HTTP layer can be vulnerable to web cache poisoning. Through modifying the X-Original-Url and X-HTTP-Method-Override headers, responses with malicious HTTP headers can return...

Design/Logic Flaw

Silverstripe CMS sites through 4.4.4 which have opted into HTTP Cache Headers on responses served by the framework's HTTP layer can be vulnerable to web cache poisoning. Through modifying the X-Original-Url and X-HTTP-Method-Override headers, responses with malicious HTTP headers can return...

method-override ReDoS when untrusted user input passed into X-HTTP-Method-Override header

Affected versions of method-override are vulnerable to a regular expression denial of service vulnerability when untrusted user input is passed into the X-HTTP-Method-Override header. Recommendation Update to version 2.3.10 or later...

Regular Expression Denial Of Service (ReDoS)

method-override is vulnerable to regular expression denial of service ReDoS attacks. The vulnerability exists when parsing malicious X-HTTP-Method-Override header...

CVE-2017-16136

method-override is a module used by the Express.js framework to let you use HTTP verbs such as PUT or DELETE in places where the client doesn't support it. method-override is vulnerable to a regular expression denial of service vulnerability when specially crafted input is passed in to be parsed...

Regular Expression Denial of Service

Overview Affected versions of method-override are vulnerable to a regular expression denial of service vulnerability when untrusted user input is passed into the X-HTTP-Method-Override header. Recommendation Update to version 2.3.10 or later References GitHub Advisory...

Ruby on Rails - JSON Processor YAML Deserialization Code Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Ruby on Rails JSON Processor YAML...