Lucene search
K
GithubRecent

33227 matches found

Github Security Blog
Github Security Blog
added 2026/05/05 7:11 p.m.13 views

AVideo: HTML Injection in notifySubscribers.json.php Allows Platform-Branded Phishing Emails to Channel Subscribers

Summary objects/notifySubscribers.json.php takes the raw message POST parameter and passes it into sendSiteEmail, which substitutes it directly into an HTML email template via strreplace on the message placeholder and renders it with PHPMailer::msgHTML. There is no HTML sanitization, character...

6.4CVSS5.9AI score0.00156EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/05 7:8 p.m.13 views

AVideo: Password Hash Leak in MobileManager OAuth Redirect URL Enables Account Takeover

Summary plugin/MobileManager/oauth2.php completes an OAuth login by sending an HTTP 302 Location: oauth2Success.php?user=&pass= where is the victim's stored password hash md5hash"whirlpool", sha1password read directly from the users table. AVideo's own login endpoint objects/login.json.php accept...

6.8CVSS5.8AI score0.00285EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/05 7:7 p.m.10 views

AVideo has an Incomplete Fix for YPTSocket autoEvalCodeOnHTML Strip: Unauthenticated Cross-User JavaScript Execution via `$msg['json']` Relay Bypass

Summary The server-side mitigation for the YPTSocket autoEvalCodeOnHTML eval sink prior advisory GHSA-gph2-j4c9-vhhr, commit c08694bf6 only strips the payload when it sits under $json'msg', but the relay function msgToResourceId selects the outbound message from $msg'json' before $msg'msg'. An...

7.2CVSS6AI score0.00238EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/05 6:58 p.m.14 views

AVideo: Unauthenticated Disclosure of CloneSite `myKey` via Error Echo in `cloneClient.json.php` Enables Cross-Site DB Dump of the Configured Clone Server

Summary plugin/CloneSite/cloneClient.json.php echoes the local CloneSite shared secret $objClone-myKey, a constant md5$global'systemRootPath' . $global'salt' into the HTTP response body on every unauthenticated request. The unauthenticated error branch was intended to reject non-admin callers...

7.5CVSS5.8AI score0.00255EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/05 6:57 p.m.9 views

PPTAgent: Arbitrary File Write via `save_generated_slides`

Summary This vulnerability has been fixed in https://github.com/icip-cas/PPTAgent/commit/418491a9a1c02d9d93194b5973bb58df35cf9d00. The savegeneratedslides MCP tool accepts a pptxpath argument and writes the generated PPTX file to that path without any workspace restriction or path validation:...

4.6CVSS5.9AI score0.00198EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/05 6:57 p.m.6 views

PPTAgent: Arbitrary Code Execution via Python eval() of LLM-Generated Code with Builtins in Scope

Summary This vulnerability has been fixed in https://github.com/icip-cas/PPTAgent/commit/418491a9a1c02d9d93194b5973bb58df35cf9d00. CodeExecutor.executeactions pptagent/apis.py:126-205 processes LLM-generated slide editing actions using Python's eval: python pptagent/apis.py:184-186 partialfunc =...

8.6CVSS6AI score0.00144EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/05 6:55 p.m.9 views

PPTAgent: Arbitrary File Write + Directory Creation via markdown_table_to_image

Summary The markdowntabletoimage tool accepts a caller-controlled path parameter and passes it directly to gethtmltableimage: python pptagent/mcpserver.py:127-143 def markdowntabletoimagemarkdowntable: str, path: str, css: str - str: """ Args: path str: The file path where the image will be saved...

4.6CVSS5.9AI score0.00198EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/05 6:52 p.m.8 views

S3-Proxy has Security Issues in its Resource Path Matching Implementation

Background The original concern is functional: a resource pattern should treat a percent-encoded segment like some%2Fvalue as a single opaque token rather than splitting it into two path segments at the decoded /. Investigation into why %2F was being decoded and how routes matched against the...

9.4CVSS5.5AI score0.00554EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/05 6:46 p.m.6 views

awslabs/tough is Missing Delegated Metadata Validation

Summary Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users with delegated signing authority to bypass TUF specification integrity checks for delegated targets metadata and poison the local...

7.1CVSS5.9AI score0.00246EPSS
Exploits0References8Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/05 6:46 p.m.9 views

awslabs/tough Delegated Roles have a Signature Threshold Bypass

Summary Improper verification of cryptographic signature uniqueness in delegated role validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users to bypass the TUF signature threshold requirement by duplicating a valid signature, causing the client to accept forged delegate...

7CVSS5.8AI score0.00262EPSS
Exploits0References8Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/05 6:44 p.m.7 views

OpenClaw's gateway config mutation guard allowed unsafe model-driven config writes

Summary The agent-facing gateway tool protects config.apply and config.patch with a model-to-operator trust boundary. That guard used a hand-maintained denylist of protected config paths. The config schema outgrew that denylist, leaving sensitive subtrees writable through model-driven gateway...

5.8AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/05 6:43 p.m.6 views

OpenClaw vulnerable to arbitrary code execution via attacker-controlled setup-api.js loaded from cwd during env-key resolution

Summary OpenClaw's bundled plugin setup resolver could fall back to process.cwd while resolving provider setup metadata. If a user ran an OpenClaw command from an attacker-controlled repository containing extensions//setup-api.js, OpenClaw could load and execute that JavaScript during ordinary...

8.4CVSS6.4AI score0.00144EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/05 6:42 p.m.13 views

OpenClaw's Webhooks SecretRef route secret remains valid after rotation/reload

Summary OpenClaw webhooks allowed route secrets to be backed by SecretRef values, but cached the resolved secret for a route. After an operator rotated the underlying secret and ran openclaw secrets reload, the previous resolved webhook secret could remain valid until the plugin or gateway...

6CVSS5.8AI score0.00288EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/05 6:42 p.m.12 views

@workos/authkit-session has an Open Redirect via state-derived redirect target

An open redirect vulnerability exists in AuthService.handleCallback due to insufficient validation of the returnPathname value derived from the OAuth state parameter. The state parameter is round-tripped through the identity provider IdP and can be influenced by an attacker. The handleCallback...

4.3CVSS5.8AI score0.00196EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/05 6:37 p.m.13 views

External Secrets Operator has Namespace Isolation Bypass in CAProvider ConfigMap Resolution for SecretStore

Impact Namespaced SecretStore resources that used CAProvider with type ConfigMap could resolve CA material from another namespace when caProvider.namespace was set. This bypassed the namespace boundary enforced for SecretStore-backed references in providers that rely on the shared runtime CA...

5.3CVSS5.8AI score0.0024EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/05 6:35 p.m.7 views

Microdot has HTTP response splitting in Response.set_cookie()

Impact The Response.setcookie method does not sanitize its string arguments, and in particular will not detect the presence of the \r\n sequence in them. This can be a potential source of header injection attacks. For a header injection attack through this issue to be possible, an attacker must...

3.7CVSS5.8AI score0.00215EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/05 6:33 p.m.17 views

OpenStack Horizon has Incorrect Behavior Order

An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression of the CVE-2014-8124 fix...

5.3CVSS5.8AI score0.00365EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/05 6:33 p.m.11 views

Langchain-Chatchat Uses Insufficiently Random Values

A vulnerability was found in chatchat-space Langchain-Chatchat up to 0.3.1.3. The affected element is the function getfileid of the file libs/chatchat-server/chatchat/server/apiserver/openairoutes.py of the component Uploaded File Handler. Performing a manipulation results in insufficiently rando...

2.6CVSS4.9AI score0.00235EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/05 6:33 p.m.17 views

Langchain-Chatchat has a Race Condition in its OpenAI-Compatible File Upload API

A vulnerability has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. Impacted is the function files of the file libs/chatchat-server/chatchat/server/apiserver/openairoutes.py of the component OpenAI-Compatible File Upload API. Such manipulation of the argument file.filename leads to...

2.6CVSS5.1AI score0.00162EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/05 6:33 p.m.11 views

Eclipse BaSyx Java Server SDK vulnerable to Path Traversal

In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an...

10CVSS6.2AI score0.03678EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/05 6:33 p.m.10 views

Django Uses Cache Containing Sensitive Information

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. django.middleware.cache.UpdateCacheMiddleware erroneously caches requests where the Vary header contained an asterisk ''. This can lead to private data being stored and served. Earlier, unsupported Django series such as 5.0.x,...

5.3CVSS5.7AI score0.00358EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/05 6:33 p.m.10 views

Eclipse BaSyx Java Server SDK vulnerable to Server-Side Request Forgery

In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker can exploit this design flaw to force the BaSyx server to execute blind HTTP POST requests to...

8.6CVSS6.3AI score0.00516EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/05 6:33 p.m.13 views

Django has an Improper Handling of Length Parameter Inconsistency

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated Content-Length header can bypass the FILEUPLOADMAXMEMORYSIZE limit, potentially loading large files into memory and causing service degradation. As a reminder, Django expects a limit to ...

6.3CVSS5.8AI score0.00423EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/05 6:33 p.m.14 views

Langchain-Chatchat Uses a Broken or Risky Cryptographic Algorithm

A flaw has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. This issue affects the function PIL.Image.tobytes of the file libs/chatchat-server/chatchat/webuipages/dialogue/dialogue.py of the component Vision Chat Paste Image Handler. This manipulation of the argument...

2.6CVSS5.1AI score0.0014EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/05 6:33 p.m.8 views

Django Uses Persistent Cookies Containing Sensitive Information

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. Response headers do not vary on cookies if a session is not modified, but SESSIONSAVEEVERYREQUEST is True. A remote attacker can steal a user's session after that user visits a cached public page. Earlier, unsupported Django serie...

6.5CVSS5.8AI score0.00544EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/05 6:28 p.m.19 views

Langflow Knowledge Bases API is Vulnerable to Path Traversal

Summary Langflow is vulnerable to Path Traversal in the Knowledge Bases API DELETE /api/v1/knowledgebases. This occurs because user-supplied knowledge base names are concatenated directly into file paths without proper sanitization or boundary validation. An authenticated attacker can exploit thi...

9.6CVSS6AI score0.04417EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/05 6:28 p.m.15 views

@tdurieux/anonymous_github Vulnerable to XSS via Unsanitized GitHub Repository Content Rendering in Anonymous GitHub Origin

Summary Anonymous GitHub fetches repository content e.g., markdown files from GitHub's API and renders it without sanitization. On the client side, markdown is parsed with marked with sanitize: false and injected into the DOM via $sce.trustAsHtml + ng-bind-html, bypassing AngularJS's built-in XSS...

6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/05 6:27 p.m.10 views

Netty: Start-Line Injection in DefaultHttpRequest.setUri() Allows HTTP Request Smuggling and RTSP Request Injection

Summary Netty allows request-line validation to be bypassed when a DefaultHttpRequest or DefaultFullHttpRequest is created first and its URI is later changed via setUri. The constructors reject CRLF and whitespace characters that would break the start-line, but setUri does not apply the same...

5.3CVSS5.9AI score0.00307EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/05 6:21 p.m.13 views

FireFighter has unauthenticated SSRF in its Raid jira_bot endpoint that allows IAM credential theft

Impact The POST /api/v2/firefighter/raid/jirabot endpoint CreateJiraBotView is reachable without authentication permissionclasses = permissions.AllowAny. Its attachments payload is fetched server-side via httpx.get with no URL validation, then uploaded as an attachment on the Jira ticket that get...

9.9CVSS6AI score0.00272EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/05 6:13 p.m.17 views

Inngest TypeScript SDK exposes environment variables via serve() handler on unhandled HTTP methods

Summary A vulnerability in the Inngest TypeScript SDK versions 3.22.0 through 3.53.1 allows unauthenticated remote attackers to exfiltrate environment variables from the host process via the serve HTTP handler. The serve handler implements GET, POST, and PUT methods. Requests using PATCH, OPTIONS...

8.6CVSS5.9AI score0.00382EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/05 6:10 p.m.14 views

JupyterHub has cross-origin form POSTs bypass XSRF (CWE-352)

Summary JupyterHub's XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, which they are not, bypassing XSRF checks. The JSON API is not affected, only HTTP form endpoints, such as /hub/spawn and /hub/accept-share, meaning attacke...

5.4CVSS5.8AI score0.00159EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/05 6:8 p.m.14 views

Diesel's SQLite backend has possible UTF-8 corruption

Diesel uses the sqlite3valuetext function to receive strings from SQLite while deserializing query results. We misinterpreted the corresponding SQLite documentation that this function always returns a UTF-8 encoded string values as const cchar. Based on that we used str::fromutf8unchecked to...

6.1AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/05 6:4 p.m.16 views

LobeHub has a Cross-Site Scripting issue that escalates to Remote Code Execution

Summary The vulnerability was automatically discovered by an ai agent and then manually verified. LobeChat's message rendering mechanism has a stored cross-site scripting XSS vulnerability. Combined with the Electron main process's exposed insecure IPC interface, attackers can construct malicious...

6.2CVSS6.5AI score0.00266EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/05 5:58 p.m.10 views

Codechecker has an authentication bypass for certain API calls

Summary Authentication bypass occurs when the URL ends with Authentication with certain function calls. This bypass allows assigning arbitrary permissions to any existing user in CodeChecker. Details The following functions are affected under the Authentication endpoint: getAuthorisedNames,...

10CVSS6AI score0.00447EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/05 5:51 p.m.9 views

edx-enterprise has SSRF via SAML metadata URL in sync_provider_data endpoint

Summary The syncproviderdata endpoint in SAMLProviderDataViewSet fetches SAML metadata from a URL stored in SAMLProviderConfig.metadatasource. An authenticated user with the Enterprise Admin role can set this field to an arbitrary URL via the SAMLProviderConfigViewSet PATCH endpoint, then trigger...

8.5CVSS6.1AI score0.00301EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/05 5:25 p.m.15 views

Network-AI missing authentication on MCP HTTP endpoint, which allows unauthenticated privileged tool calls

Security Advisory: Missing Authentication for Critical Function in Jovancoding/Network-AI | Field | Value | |---|---| | Project | Jovancoding/Network-AI | | Repository | https://github.com/Jovancoding/Network-AI | | Affected commit | c344f2053eb0d49395988f803bf92f2a86b2a0d0 | | Affected tested...

8.7CVSS6AI score0.00471EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/05 5:24 p.m.14 views

webonyx/graphql-php has unbounded recursion in parser that causes stack overflow on crafted nested input

Summary GraphQL\Language\Parser is a recursive descent parser with no recursion depth limit and no zend.maxallowedstacksize interaction. Crafted nested queries trigger a SIGSEGV in the PHP runtime, killing the FPM/CLI worker process. Smallest crashing payload is approximately 74 KB. Affected...

5.8AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/05 5:20 p.m.14 views

ots has a negative expire override that can bypass its secret retention policy

Summary The /api/create endpoint accepted negative expire query values. For the memory storage backend, negative values were passed to secret creation as a negative duration and treated as no expiry, allowing callers to create secrets that persisted longer than intended. Impact Unauthenticated...

5.7AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/05 5:15 p.m.23 views

nuts-node has JWT type confusion in v1 access token introspection that allows VP replay as access token

Summary The v1 access token introspection endpoint /auth/v1/introspectaccesstoken accepts any JWT signed by a key present on the node, without validating the JWT type, issuer-to-key binding, or required claims. This allows a Verifiable Presentation VP JWT to be replayed as an access token and...

4.4CVSS5.8AI score0.00076EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/05 5:3 p.m.11 views

Jupyter Server's Authentication Cookies Remain Valid After Password Reset and Server Restart

Summary A persistent cookie secret vulnerability allows authenticated users to maintain indefinite access even after password changes. The cookie secret used to sign authentication cookies is stored in a permanent file /.local/share/jupyter/runtime/jupytercookiesecret that is never automatically...

7.6CVSS5.8AI score0.00308EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/05 4:54 p.m.9 views

Jupyter Server has a CORS Origin Validation Bypass via `re.match()` in `allow_origin_pat` (from huntr)

Jupyter Server uses re.match to validate the Origin header against the alloworiginpat configuration. Since re.match only anchors at the start of the string, an attacker who controls a domain like http://trusted.example.com.evil.com/ passes validation against a pattern intended to match only...

7.6CVSS5.8AI score0.00333EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/05 4:49 p.m.8 views

Jupyter Server: Path Traversal via incorrect startswith() root directory check allows access to sibling directories

Summary Jupyter Server =2.17.0 can access directories sibling to the root directory, if it starts with the root dir's name. PoC Minimal: . ├── test/ - root directory. │ └── test.txt └── testtest/ └── secret.txt - file to exfiltrate that we should not be able to access via API bash...

8.8CVSS5.8AI score0.00583EPSS
Exploits2References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/05 4:44 p.m.9 views

VM2 Has a WASM Sandbox Escape

Summary Full sandbox escape with arbitrary code execution. Attacker code inside VM.run obtains host process object and runs host commands with zero host cooperation. Details Confirmed on: vm2 3.10.4, Node.js v25.6.1 x64 Linux Trigger: Attacker-controlled code passed to VM.run Requires: Node.js...

9.8CVSS6.2AI score0.00921EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/05 4:33 p.m.10 views

VM2 Has a Sandbox Escape Issue via SuppressedError

In vm2 v3.10.4 on Node.js v24.13.0, SuppressedError allows attackers to escape the sandbox and run arbitrary code. PoC js const VM = require"vm2"; const vm = new VM; vm.run const ds = new DisposableStack; ds.defer = throw null; ; ds.defer = const e = Error; e.name = Symbol; e.stack; ; try...

10CVSS5.9AI score0.0071EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/05 4:33 p.m.9 views

VM2 Has Sandbox Breakout Through Inspect Function

Summary VM2 suffers from a sandbox breakout vulnerability through the inspect function. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. Details The node inspect method allows to log details of objects. To get to the...

9.8CVSS6.2AI score0.01186EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/05 4:32 p.m.10 views

Jupyter Server has an open redirection vulnerability in `next` query parameter

Summary The ?next=... URL query parameter has an open redirection vulnerability. In jupyterserver=2.17.0, this URL query parameter allows redirection to arbitrary external domains, which can be exploited to facilitate phishing attacks on server users. Details The vulnerability is caused by...

6.3CVSS6AI score0.00265EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/05 4:23 p.m.10 views

VM2 Has Sandbox Breakout Through Promise Species

Summary The fix for https://github.com/patriksimek/vm2/security/advisories/GHSA-cchq-frgv-rjh5 is insufficient and can be circumvented allowing attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. Details The fix for...

9.8CVSS6.5AI score0.00896EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/05 12:31 p.m.28 views

OpenClaw contains a symlink traversal vulnerability

OpenClaw versions 2026.3.22 before 2026.4.5 contain a symlink traversal vulnerability in remote marketplace repository path handling that allows attackers to escape the expected repository root. Attackers can exploit this by providing crafted symlink paths to access files outside the intended...

6.5CVSS5.8AI score0.00323EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/05 9:31 a.m.8 views

Apache Thrift has an Improper Validation of Certificate with Host Mismatch Vulnerability

Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

7.3CVSS5.8AI score0.00632EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/05 9:31 a.m.14 views

Apache Thrift vulnerable to Path Traversal, HTTP Request/Response Splitting, Uncontrolled Resource Consumption

Origin Validation Error, Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal', Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting', Uncontrolled Resource Consumption vulnerability in Apache Thrift. This issue affects Apache Thrift:...

7.3CVSS5.8AI score0.00394EPSS
Exploits0References6Affected Software1
Total number of security vulnerabilities33227