CVE-2022-27780

MEDIUM Year: 2022
CVSS v3 Score
5.3
Medium
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-177
View all →

Vulnerability Description

The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed bythe parser and get transposed into `http://example.com/127.0.0.1/`. This flawcan be used to circumvent filters, checks and more.

Related Vulnerabilities

CVE-2018-3718

MEDIUM
CVSS:5.3(Medium)

serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded.

CWE-1772018

CVE-2022-3854

MEDIUM
CVSS:6.5(Medium)

A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service.

CWE-1772022

CVE-2022-3854

MEDIUM
CVSS:6.5(Medium)

A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service.

CWE-1772022

CVE-2018-3718

MEDIUM
CVSS:5.3(Medium)

serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded.

CWE-1772018

CVE-2024-48866

LOW

An improper handling of URL encoding (Hex Encoding) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to ru...

CWE-1772024