Browse and filter security vulnerabilities across ecosystems
Browse and filter security vulnerabilities across ecosystems
undici vulnerable to HTTP header injection via Set-Cookie percent-decoding
form-data does not escape CR/LF/quote in multipart field names and filenames (CRLF injection)
Apache CXF: OAuth2: Log Injection via Unsanitized Client Identifier
guzzlehttp/psr7 has CRLF Injection via URI Host Component
Metrics::Any::Adapter::SignalFx versions before 0.04 for Perl does not protect against metric injections
Metrics::Any::Adapter::DogStatsd versions before 0.04 for Perl does not protect against metric injections
Metrics::Any::Adapter::Statsd versions before 0.04 for Perl does not protect against metric injections
Multipart form-data header injection in Req via unescaped name/filename/content_type
DataDog::DogStatsd versions through 0.07 for Perl allow metric injections from event tags
DataDog::DogStatsd versions through 0.07 for Perl allow metric injections
In libinput before 1
Etsy::StatsD versions through 1.002002 for Perl allow metric injections
Net::Statsd versions before 0.13 for Perl allow metric injections
Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections
CRLF injection in HTTP/1 request line via unvalidated method in Mint
cpp-httplib: HTTP header value percent-decoding in server-side `parse_header` enables CRLF injection
Music Player Daemon < 0.24.11 CRLF Injection via XspfPlaylistPlugin.cxx
Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections
eventsource-encoder: SSE event injection via unsanitized event and id fields
CRLF injection in WebSocket upgrade request in hackney
Showing 1 - 20 of 1,000+ results