CVEbaza.plSłownik CWECWE-186
Common Weakness Enumeration

CWE-186

Overly Restrictive Regular Expression

Kategoria: BaseCVE: 2
Opis

Wyrażenie regularne jest zbyt restrykcyjne, co uniemożliwia wykrycie niebezpiecznych wartości. Taka konfiguracja może pozwolić na przejście złośliwych danych przez filtr bezpieczeństwa.

Description (EN)

A regular expression is overly restrictive, which prevents dangerous values from being detected.

Podatności CVE z CWE-186 (2)
5.3
CVSS
MEDIUM
CVE-2025-46821

Envoy is a cloud-native edge/middle/service proxy. Prior to versions 1.34.1, 1.33.3, 1.32.6, and 1.31.8, Envoy's URI template matcher incorrectly excludes the `*` character from a set of valid characters in the URI path. As a result URI path containing the `*` character will not match a URI template expressions. This can result in bypass of RBAC rules when configured using the `uri_template` permissions. This vulnerability is fixed in Envoy versions v1.34.1, v1.33.3, v1.32.6, v1.31.8. As a workaround, configure additional RBAC permissions using `url_path` with `safe_regex` expression.

pub. 2025-05-07
2.1
CVSS
LOW
CVE-2026-47241

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a raw string argument which is only validated to prevent CRLF injection and then sent verbatim. If this string is derived from user-controlled input, an attacker can force the next command to be absorbed as a continuation of the first command. This will cause the first command to eventually fail, but also prevents it from returning until another command is sent (from another thread). That other command will not return until the connection is closed. This vulnerability is fixed in 0.6.5 and 0.5.15.

pub. 2026-06-22
Informacje
ID: CWE-186
Typ: Base
Podatności: 2
MITRE CWE ↗
← Słownik CWE