Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:28862
HistoryDec 31, 2020 - 7:32 a.m.

Hostname Spoofing

2020-12-3107:32:56
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
13
urijs
hostname spoofing
backslash character
at character
authorization bypass

EPSS

0.001

Percentile

30.8%

JSON

urijs is vulnerable to hostname spoofing. The hostname can be spoofed by using a backslash \\ character followed by an @ character, which could potentially allow an attacker to bypass authorization if the hostname is used in security decisions.

Related

ibm 2
osv 2
prion 1
cvelist 1
redhatcve 1
github 1
nodejs 1
nvd 1
cve 1
redhat 1
ibm
ibm
Security Bulletin: A security vulnerability in Node.js urijs module affects IBM Cloud Pak for Multicloud Management Infrastructure management.
2021-05-07 18:40:23
Security Bulletin: IBM App Connect Enterprise Certified Container flows may be vulnerable to spoofing attacks (CVE-2020-26291)
2021-04-29 11:17:57
osv
osv
CVE-2020-26291
2020-12-31 00:15:12
Hostname spoofing via backslashes in URL
2020-12-30 23:40:48
prion
prion
Design/Logic Flaw
2020-12-31 00:15:00
cvelist
cvelist
CVE-2020-26291 Hostname spoofing in URI.js
2020-12-30 23:40:16
redhatcve
redhatcve
CVE-2020-26291
2021-01-12 11:24:27
github
github
Hostname spoofing via backslashes in URL
2020-12-30 23:40:48
nodejs
nodejs
Hostname spoofing via backslashes in URL
2021-01-06 19:45:17
nvd
nvd
CVE-2020-26291
2020-12-31 00:15:12
cve
cve
CVE-2020-26291
2020-12-31 00:15:12
redhat
redhat
(RHSA-2021:3917) Important: Red Hat Quay v3.6.0 security, bug fix and enhancement update
2021-10-19 12:05:33

EPSS

0.001

Percentile

30.8%

JSON
Related for VERACODE:28862
ibm2osv2prion1cvelist1redhatcve1github1nodejs1nvd1cve1redhat1