Fallos del tipo CWE-177
10 resultadosCVE-2022-27780MEDIUMThe curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *differentEPSS 2.2%CVE-2018-3718—serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded.EPSS 1.3%CVE-2022-3854MEDIUMA flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URLEPSS 0.6%CVE-2026-22031HIGHFastify Middie Middleware Path BypassEPSS 0.5%CVE-2026-29045HIGHHono: Arbitrary file access via serveStatic vulnerabilityEPSS 0.4%CVE-2024-48866LOWQTS, QuTS heroEPSS 0.4%CVE-2024-23983MEDIUMAccess rules for PingAccess may be circumvented with URL-encoded charactersEPSS 0.4%CVE-2026-6414MEDIUM@fastify/static vulnerable to route guard bypass via encoded path separatorsEPSS 0.4%CVE-2026-22037HIGH@fastify/express vulnerable to Improper Handling of URL Encoding (Hex Encoding)EPSS 0.3%CVE-2025-11990LOWImproper Handling of URL Encoding (Hex Encoding) in GitLabEPSS 0.3%