CVE-2018-12116

HIGH Year: 2018
CVSS v3 Score
7.5
High
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-115
View all →

Vulnerability Description

Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to made to the same server.

Related Vulnerabilities

CVE-2021-0207

HIGH
CVSS:7.5(High)

An improper interpretation conflict of certain data between certain software components within the Juniper Networks Junos OS devices does not allow certain traffic to pass through the device upon rece...

CWE-1152021

CVE-2024-11169

HIGH
CVSS:7.5(High)

An unhandled exception in danny-avila/librechat version 3c94ff2 can lead to a server crash. The issue occurs when the fs module throws an exception while handling file uploads. An unauthenticated user...

CWE-1152024

CVE-2025-32908

HIGH
CVSS:7.5(High)

A flaw was found in libsoup. The HTTP/2 server in libsoup may not fully validate the values of pseudo-headers :scheme, :authority, and :path, which may allow a user to cause a denial of service (DoS).

CWE-1152025

CVE-2022-20915

HIGH
CVSS:7.4(High)

A vulnerability in the implementation of IPv6 VPN over MPLS (6VPE) with Zone-Based Firewall (ZBFW) of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of servi...

CWE-1152022

CVE-2022-1233

MEDIUM
CVSS:6.5(Medium)

URL Confusion When Scheme Not Supplied in GitHub repository medialize/uri.js prior to 1.19.11.

CWE-1152022

CVE-2022-21672

MEDIUM
CVSS:6.5(Medium)

make-ca is a utility to deliver and manage a complete PKI configuration for workstations and servers. Starting with version 0.9 and prior to version 1.10, make-ca misinterprets Mozilla certdata.txt an...

CWE-1152022