CVE-2022-3854

MEDIUM Year: 2022
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-177
View all →

Vulnerability Description

A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service.

Related Vulnerabilities

CVE-2018-3718

MEDIUM
CVSS:5.3(Medium)

serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded.

CWE-1772018

CVE-2022-27780

MEDIUM
CVSS:5.3(Medium)

The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.Fo...

CWE-1772022

CVE-2018-3718

MEDIUM
CVSS:5.3(Medium)

serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded.

CWE-1772018

CVE-2022-27780

MEDIUM
CVSS:5.3(Medium)

The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.Fo...

CWE-1772022

CVE-2024-48866

LOW

An improper handling of URL encoding (Hex Encoding) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to ru...

CWE-1772024