CWE-177

5 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →

CVEs classified under CWE-177page 1 of 1

CVE-2018-3718MEDIUMCVSS 5.3
2018-06-07
serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded.
CVE-2022-27780HIGHCVSS 7.5EG 7.5
2022-06-02
The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like `http://example.c…
CVE-2022-3854MEDIUMCVSS 6.5EG 6.5
2023-03-06
A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service.
CVE-2024-23983MEDIUMCVSS 5.8EG 0.0
2024-11-11
Improper handling of canonical URL-encoding may lead to bypass not properly constrained by request rules.
CVE-2024-48866MEDIUMCVSS 5.3EG 5.3
2024-12-06
An improper handling of URL encoding (Hex Encoding) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to run the system into unexpected state. We…

Map vulnerabilities like CWE-177 to your infrastructure

EchelonGraph correlates every CVE — across CWE-177 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.

Start Free Scan →