Количество 2
Количество 2
CVE-2025-29914
OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Prior to 3.3.3, if a request is made on an URI starting with //, coraza will set a wrong value in REQUEST_FILENAME. For example, if the URI //bar/uploads/foo.php?a=b is passed to coraza: , REQUEST_FILENAME will be set to /uploads/foo.php. This can lead to a rules bypass. This vulnerability is fixed in 3.3.3.
GHSA-q9f5-625g-xm39
OWASP Coraza WAF has parser confusion which leads to wrong URI in `REQUEST_FILENAME`
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-29914 OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Prior to 3.3.3, if a request is made on an URI starting with //, coraza will set a wrong value in REQUEST_FILENAME. For example, if the URI //bar/uploads/foo.php?a=b is passed to coraza: , REQUEST_FILENAME will be set to /uploads/foo.php. This can lead to a rules bypass. This vulnerability is fixed in 3.3.3. | CVSS3: 5.4 | 0% Низкий | 11 месяцев назад |
| GHSA-q9f5-625g-xm39 OWASP Coraza WAF has parser confusion which leads to wrong URI in `REQUEST_FILENAME` | CVSS3: 5.4 | 0% Низкий | 11 месяцев назад |
Уязвимостей на страницу