Vulnerabilities > Embedthis
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-02 | CVE-2021-33254 | NULL Pointer Dereference vulnerability in Embedthis Appweb 8.2.1 An issue was discovered in src/http/httpLib.c in EmbedThis Appweb Community Edition 8.2.1, allows attackers to cause a denial of service via the stream paramter to the parseUri function. | 5.0 |
| 2022-01-25 | CVE-2021-43298 | Improper Restriction of Excessive Authentication Attempts vulnerability in Embedthis Goahead The code that performs password matching when using 'Basic' HTTP authentication does not use a constant-time memcmp and has no rate-limiting. | 5.0 |
| 2021-10-14 | CVE-2021-42342 | Unrestricted Upload of File with Dangerous Type vulnerability in Embedthis Goahead An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. | 7.5 |
| 2020-07-23 | CVE-2020-15688 | Authentication Bypass by Capture-replay vulnerability in Embedthis Goahead The HTTP Digest Authentication in the GoAhead web server before 5.1.2 does not completely protect against replay attacks. | 8.8 |
| 2020-07-13 | CVE-2020-15689 | NULL Pointer Dereference vulnerability in Embedthis Appweb Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header that lacks an exact range. | 7.5 |
| 2019-12-03 | CVE-2019-5097 | Infinite Loop vulnerability in Embedthis Goahead 3.6.5/4.1.1/5.0.1 A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. | 5.0 |
| 2019-12-03 | CVE-2019-5096 | Use After Free vulnerability in Embedthis Goahead 3.6.5/4.1.1/5.0.1 An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. | 7.5 |
| 2019-11-22 | CVE-2019-19240 | Use of Uninitialized Resource vulnerability in Embedthis Goahead Embedthis GoAhead before 5.0.1 mishandles redirected HTTP requests with a large Host header. | 5.0 |
| 2019-09-20 | CVE-2019-16645 | Code Injection vulnerability in Embedthis Goahead 2.5.0 An issue was discovered in Embedthis GoAhead 2.5.0. | 5.0 |
| 2019-06-14 | CVE-2019-12822 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Embedthis Goahead In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a header parsing vulnerability causes a memory assertion, out-of-bounds memory reference, and potential DoS, as demonstrated by a colon on a line by itself. | 5.0 |