Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities by nitro
CVE-2026-44373 (GCVE-0-2026-44373)
Vulnerability from nvd – Published: 2026-05-13 20:26 – Updated: 2026-05-14 13:16
VLAI
EPSS
VEX
Title
Nitro: Proxy scope bypass via percent-encoded path traversal in `routeRules`
Summary
Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could bypass a proxy route rule by sending percent-encoded path traversal (..%2f) in the URL, causing Nitro to forward a request that the upstream resolved outside the configured scope. This vulnerability is fixed in 3.0.260429-beta.
Severity
5.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/nitrojs/nitro/security/advisor… | x_refsource_CONFIRM |
| https://github.com/nitrojs/nitro/pull/4222 | x_refsource_MISC |
| https://github.com/nitrojs/nitro/pull/4223 | x_refsource_MISC |
| https://github.com/nitrojs/nitro/releases/tag/v2.13.4 | x_refsource_MISC |
| https://github.com/nitrojs/nitro/releases/tag/v3.… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44373",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T13:12:25.544148Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T13:16:50.542Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nitro",
"vendor": "nitrojs",
"versions": [
{
"status": "affected",
"version": "\u003c 3.0.260429-beta"
}
]
},
{
"product": "nitropack",
"vendor": "nitrojs",
"versions": [
{
"status": "affected",
"version": "\u003c 2.13.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could bypass a proxy route rule by sending percent-encoded path traversal (..%2f) in the URL, causing Nitro to forward a request that the upstream resolved outside the configured scope. This vulnerability is fixed in 3.0.260429-beta."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T20:26:28.255Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nitrojs/nitro/security/advisories/GHSA-5w89-w975-hf9q",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nitrojs/nitro/security/advisories/GHSA-5w89-w975-hf9q"
},
{
"name": "https://github.com/nitrojs/nitro/pull/4222",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nitrojs/nitro/pull/4222"
},
{
"name": "https://github.com/nitrojs/nitro/pull/4223",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nitrojs/nitro/pull/4223"
},
{
"name": "https://github.com/nitrojs/nitro/releases/tag/v2.13.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nitrojs/nitro/releases/tag/v2.13.4"
},
{
"name": "https://github.com/nitrojs/nitro/releases/tag/v3.0.260429-beta",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nitrojs/nitro/releases/tag/v3.0.260429-beta"
}
],
"source": {
"advisory": "GHSA-5w89-w975-hf9q",
"discovery": "UNKNOWN"
},
"title": "Nitro: Proxy scope bypass via percent-encoded path traversal in `routeRules`"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-44373",
"datePublished": "2026-05-13T20:26:28.255Z",
"dateReserved": "2026-05-05T20:15:20.631Z",
"dateUpdated": "2026-05-14T13:16:50.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-44372 (GCVE-0-2026-44372)
Vulnerability from nvd – Published: 2026-05-13 20:30 – Updated: 2026-05-14 15:47
VLAI
EPSS
VEX
Title
Nitro: Open Redirect via Protocol-Relative URL Bypass in Wildcard Route Rules
Summary
Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could turn a redirect route rule using wildcards rewrite into a cross-host redirect by sliding an extra slash in after the rule prefix. This vulnerability is fixed in 3.0.260429-beta.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/nitrojs/nitro/security/advisor… | x_refsource_CONFIRM |
| https://github.com/nitrojs/nitro/pull/4236 | x_refsource_MISC |
| https://github.com/nitrojs/nitro/releases/tag/v2.13.4 | x_refsource_MISC |
| https://github.com/nitrojs/nitro/releases/tag/v3.… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44372",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T15:46:57.649072Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T15:47:06.216Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nitro",
"vendor": "nitrojs",
"versions": [
{
"status": "affected",
"version": "\u003c 3.0.260429-beta"
}
]
},
{
"product": "nitropack",
"vendor": "nitrojs",
"versions": [
{
"status": "affected",
"version": "\u003c 2.13.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could turn a redirect route rule using wildcards rewrite into a cross-host redirect by sliding an extra slash in after the rule prefix. This vulnerability is fixed in 3.0.260429-beta."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T20:30:44.943Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nitrojs/nitro/security/advisories/GHSA-9phm-9p8f-hw5m",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nitrojs/nitro/security/advisories/GHSA-9phm-9p8f-hw5m"
},
{
"name": "https://github.com/nitrojs/nitro/pull/4236",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nitrojs/nitro/pull/4236"
},
{
"name": "https://github.com/nitrojs/nitro/releases/tag/v2.13.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nitrojs/nitro/releases/tag/v2.13.4"
},
{
"name": "https://github.com/nitrojs/nitro/releases/tag/v3.0.260429-beta",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nitrojs/nitro/releases/tag/v3.0.260429-beta"
}
],
"source": {
"advisory": "GHSA-9phm-9p8f-hw5m",
"discovery": "UNKNOWN"
},
"title": "Nitro: Open Redirect via Protocol-Relative URL Bypass in Wildcard Route Rules"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-44372",
"datePublished": "2026-05-13T20:30:44.943Z",
"dateReserved": "2026-05-05T20:15:20.631Z",
"dateUpdated": "2026-05-14T15:47:06.216Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2016-8713 (GCVE-0-2016-8713)
Vulnerability from nvd – Published: 2017-02-10 17:00 – Updated: 2024-08-06 02:27
VLAI
EPSS
VEX
Summary
A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10.5.9.9. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability.
Severity
8.8 (High)
CWE
- remote code error
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/96155 | vdb-entryx_refsource_BID |
| http://www.talosintelligence.com/reports/TALOS-20… | x_refsource_MISC |
Impacted products
Date Public
2017-02-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:27:41.279Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96155",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96155"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0226/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nitro Pro",
"vendor": "Nitro",
"versions": [
{
"status": "affected",
"version": "10.5.9.9 (Nitro PDF Library - 10, 5, 9, 9) - x64 version"
}
]
}
],
"datePublic": "2017-02-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10.5.9.9. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote code error",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T19:16:47.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "96155",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96155"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0226/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2016-8713",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nitro Pro",
"version": {
"version_data": [
{
"version_value": "10.5.9.9 (Nitro PDF Library - 10, 5, 9, 9) - x64 version"
}
]
}
}
]
},
"vendor_name": "Nitro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10.5.9.9. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code error"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96155",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96155"
},
{
"name": "http://www.talosintelligence.com/reports/TALOS-2016-0226/",
"refsource": "MISC",
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0226/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2016-8713",
"datePublished": "2017-02-10T17:00:00.000Z",
"dateReserved": "2016-10-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:27:41.279Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8711 (GCVE-0-2016-8711)
Vulnerability from nvd – Published: 2017-02-10 17:00 – Updated: 2024-08-06 02:27
VLAI
EPSS
VEX
Summary
A potential remote code execution vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential code execution. An attacker can send the victim a specific PDF file to trigger this vulnerability.
Severity
8.8 (High)
CWE
- remote code error
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/96155 | vdb-entryx_refsource_BID |
| http://www.talosintelligence.com/reports/TALOS-20… | x_refsource_MISC |
Impacted products
Date Public
2017-02-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:27:41.281Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96155",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96155"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0224/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nitro Pro",
"vendor": "Nitro",
"versions": [
{
"status": "affected",
"version": "10.5.9.9 (Nitro PDF Library - 10, 5, 9, 9) - x64 version"
}
]
}
],
"datePublic": "2017-02-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A potential remote code execution vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential code execution. An attacker can send the victim a specific PDF file to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote code error",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T19:16:45.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "96155",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96155"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0224/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2016-8711",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nitro Pro",
"version": {
"version_data": [
{
"version_value": "10.5.9.9 (Nitro PDF Library - 10, 5, 9, 9) - x64 version"
}
]
}
}
]
},
"vendor_name": "Nitro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential remote code execution vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential code execution. An attacker can send the victim a specific PDF file to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code error"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96155",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96155"
},
{
"name": "http://www.talosintelligence.com/reports/TALOS-2016-0224/",
"refsource": "MISC",
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0224/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2016-8711",
"datePublished": "2017-02-10T17:00:00.000Z",
"dateReserved": "2016-10-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:27:41.281Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8709 (GCVE-0-2016-8709)
Vulnerability from nvd – Published: 2017-02-10 17:00 – Updated: 2024-08-06 02:27
VLAI
EPSS
VEX
Summary
A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability.
Severity
8.8 (High)
CWE
- remote code error
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/96155 | vdb-entryx_refsource_BID |
| http://www.talosintelligence.com/reports/TALOS-20… | x_refsource_MISC |
Impacted products
Date Public
2017-02-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:27:41.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96155",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96155"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0218/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nitro Pro",
"vendor": "Nitro",
"versions": [
{
"status": "affected",
"version": "10.5.9.9 (Nitro PDF Library - 10, 5, 9, 9) - x64 version"
}
]
}
],
"datePublic": "2017-02-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote code error",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T19:16:42.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "96155",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96155"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0218/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2016-8709",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nitro Pro",
"version": {
"version_data": [
{
"version_value": "10.5.9.9 (Nitro PDF Library - 10, 5, 9, 9) - x64 version"
}
]
}
}
]
},
"vendor_name": "Nitro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code error"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96155",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96155"
},
{
"name": "http://www.talosintelligence.com/reports/TALOS-2016-0218/",
"refsource": "MISC",
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0218/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2016-8709",
"datePublished": "2017-02-10T17:00:00.000Z",
"dateReserved": "2016-10-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:27:41.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-44372 (GCVE-0-2026-44372)
Vulnerability from cvelistv5 – Published: 2026-05-13 20:30 – Updated: 2026-05-14 15:47
VLAI
EPSS
VEX
Title
Nitro: Open Redirect via Protocol-Relative URL Bypass in Wildcard Route Rules
Summary
Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could turn a redirect route rule using wildcards rewrite into a cross-host redirect by sliding an extra slash in after the rule prefix. This vulnerability is fixed in 3.0.260429-beta.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/nitrojs/nitro/security/advisor… | x_refsource_CONFIRM |
| https://github.com/nitrojs/nitro/pull/4236 | x_refsource_MISC |
| https://github.com/nitrojs/nitro/releases/tag/v2.13.4 | x_refsource_MISC |
| https://github.com/nitrojs/nitro/releases/tag/v3.… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44372",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T15:46:57.649072Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T15:47:06.216Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nitro",
"vendor": "nitrojs",
"versions": [
{
"status": "affected",
"version": "\u003c 3.0.260429-beta"
}
]
},
{
"product": "nitropack",
"vendor": "nitrojs",
"versions": [
{
"status": "affected",
"version": "\u003c 2.13.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could turn a redirect route rule using wildcards rewrite into a cross-host redirect by sliding an extra slash in after the rule prefix. This vulnerability is fixed in 3.0.260429-beta."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T20:30:44.943Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nitrojs/nitro/security/advisories/GHSA-9phm-9p8f-hw5m",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nitrojs/nitro/security/advisories/GHSA-9phm-9p8f-hw5m"
},
{
"name": "https://github.com/nitrojs/nitro/pull/4236",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nitrojs/nitro/pull/4236"
},
{
"name": "https://github.com/nitrojs/nitro/releases/tag/v2.13.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nitrojs/nitro/releases/tag/v2.13.4"
},
{
"name": "https://github.com/nitrojs/nitro/releases/tag/v3.0.260429-beta",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nitrojs/nitro/releases/tag/v3.0.260429-beta"
}
],
"source": {
"advisory": "GHSA-9phm-9p8f-hw5m",
"discovery": "UNKNOWN"
},
"title": "Nitro: Open Redirect via Protocol-Relative URL Bypass in Wildcard Route Rules"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-44372",
"datePublished": "2026-05-13T20:30:44.943Z",
"dateReserved": "2026-05-05T20:15:20.631Z",
"dateUpdated": "2026-05-14T15:47:06.216Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-44373 (GCVE-0-2026-44373)
Vulnerability from cvelistv5 – Published: 2026-05-13 20:26 – Updated: 2026-05-14 13:16
VLAI
EPSS
VEX
Title
Nitro: Proxy scope bypass via percent-encoded path traversal in `routeRules`
Summary
Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could bypass a proxy route rule by sending percent-encoded path traversal (..%2f) in the URL, causing Nitro to forward a request that the upstream resolved outside the configured scope. This vulnerability is fixed in 3.0.260429-beta.
Severity
5.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/nitrojs/nitro/security/advisor… | x_refsource_CONFIRM |
| https://github.com/nitrojs/nitro/pull/4222 | x_refsource_MISC |
| https://github.com/nitrojs/nitro/pull/4223 | x_refsource_MISC |
| https://github.com/nitrojs/nitro/releases/tag/v2.13.4 | x_refsource_MISC |
| https://github.com/nitrojs/nitro/releases/tag/v3.… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44373",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T13:12:25.544148Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T13:16:50.542Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nitro",
"vendor": "nitrojs",
"versions": [
{
"status": "affected",
"version": "\u003c 3.0.260429-beta"
}
]
},
{
"product": "nitropack",
"vendor": "nitrojs",
"versions": [
{
"status": "affected",
"version": "\u003c 2.13.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could bypass a proxy route rule by sending percent-encoded path traversal (..%2f) in the URL, causing Nitro to forward a request that the upstream resolved outside the configured scope. This vulnerability is fixed in 3.0.260429-beta."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T20:26:28.255Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nitrojs/nitro/security/advisories/GHSA-5w89-w975-hf9q",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nitrojs/nitro/security/advisories/GHSA-5w89-w975-hf9q"
},
{
"name": "https://github.com/nitrojs/nitro/pull/4222",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nitrojs/nitro/pull/4222"
},
{
"name": "https://github.com/nitrojs/nitro/pull/4223",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nitrojs/nitro/pull/4223"
},
{
"name": "https://github.com/nitrojs/nitro/releases/tag/v2.13.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nitrojs/nitro/releases/tag/v2.13.4"
},
{
"name": "https://github.com/nitrojs/nitro/releases/tag/v3.0.260429-beta",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nitrojs/nitro/releases/tag/v3.0.260429-beta"
}
],
"source": {
"advisory": "GHSA-5w89-w975-hf9q",
"discovery": "UNKNOWN"
},
"title": "Nitro: Proxy scope bypass via percent-encoded path traversal in `routeRules`"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-44373",
"datePublished": "2026-05-13T20:26:28.255Z",
"dateReserved": "2026-05-05T20:15:20.631Z",
"dateUpdated": "2026-05-14T13:16:50.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2016-8709 (GCVE-0-2016-8709)
Vulnerability from cvelistv5 – Published: 2017-02-10 17:00 – Updated: 2024-08-06 02:27
VLAI
EPSS
VEX
Summary
A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability.
Severity
8.8 (High)
CWE
- remote code error
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/96155 | vdb-entryx_refsource_BID |
| http://www.talosintelligence.com/reports/TALOS-20… | x_refsource_MISC |
Impacted products
Date Public
2017-02-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:27:41.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96155",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96155"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0218/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nitro Pro",
"vendor": "Nitro",
"versions": [
{
"status": "affected",
"version": "10.5.9.9 (Nitro PDF Library - 10, 5, 9, 9) - x64 version"
}
]
}
],
"datePublic": "2017-02-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote code error",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T19:16:42.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "96155",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96155"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0218/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2016-8709",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nitro Pro",
"version": {
"version_data": [
{
"version_value": "10.5.9.9 (Nitro PDF Library - 10, 5, 9, 9) - x64 version"
}
]
}
}
]
},
"vendor_name": "Nitro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code error"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96155",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96155"
},
{
"name": "http://www.talosintelligence.com/reports/TALOS-2016-0218/",
"refsource": "MISC",
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0218/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2016-8709",
"datePublished": "2017-02-10T17:00:00.000Z",
"dateReserved": "2016-10-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:27:41.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8711 (GCVE-0-2016-8711)
Vulnerability from cvelistv5 – Published: 2017-02-10 17:00 – Updated: 2024-08-06 02:27
VLAI
EPSS
VEX
Summary
A potential remote code execution vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential code execution. An attacker can send the victim a specific PDF file to trigger this vulnerability.
Severity
8.8 (High)
CWE
- remote code error
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/96155 | vdb-entryx_refsource_BID |
| http://www.talosintelligence.com/reports/TALOS-20… | x_refsource_MISC |
Impacted products
Date Public
2017-02-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:27:41.281Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96155",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96155"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0224/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nitro Pro",
"vendor": "Nitro",
"versions": [
{
"status": "affected",
"version": "10.5.9.9 (Nitro PDF Library - 10, 5, 9, 9) - x64 version"
}
]
}
],
"datePublic": "2017-02-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A potential remote code execution vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential code execution. An attacker can send the victim a specific PDF file to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote code error",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T19:16:45.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "96155",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96155"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0224/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2016-8711",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nitro Pro",
"version": {
"version_data": [
{
"version_value": "10.5.9.9 (Nitro PDF Library - 10, 5, 9, 9) - x64 version"
}
]
}
}
]
},
"vendor_name": "Nitro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential remote code execution vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential code execution. An attacker can send the victim a specific PDF file to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code error"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96155",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96155"
},
{
"name": "http://www.talosintelligence.com/reports/TALOS-2016-0224/",
"refsource": "MISC",
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0224/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2016-8711",
"datePublished": "2017-02-10T17:00:00.000Z",
"dateReserved": "2016-10-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:27:41.281Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8713 (GCVE-0-2016-8713)
Vulnerability from cvelistv5 – Published: 2017-02-10 17:00 – Updated: 2024-08-06 02:27
VLAI
EPSS
VEX
Summary
A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10.5.9.9. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability.
Severity
8.8 (High)
CWE
- remote code error
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/96155 | vdb-entryx_refsource_BID |
| http://www.talosintelligence.com/reports/TALOS-20… | x_refsource_MISC |
Impacted products
Date Public
2017-02-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:27:41.279Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96155",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96155"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0226/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nitro Pro",
"vendor": "Nitro",
"versions": [
{
"status": "affected",
"version": "10.5.9.9 (Nitro PDF Library - 10, 5, 9, 9) - x64 version"
}
]
}
],
"datePublic": "2017-02-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10.5.9.9. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote code error",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T19:16:47.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "96155",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96155"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0226/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2016-8713",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nitro Pro",
"version": {
"version_data": [
{
"version_value": "10.5.9.9 (Nitro PDF Library - 10, 5, 9, 9) - x64 version"
}
]
}
}
]
},
"vendor_name": "Nitro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10.5.9.9. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code error"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96155",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96155"
},
{
"name": "http://www.talosintelligence.com/reports/TALOS-2016-0226/",
"refsource": "MISC",
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0226/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2016-8713",
"datePublished": "2017-02-10T17:00:00.000Z",
"dateReserved": "2016-10-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:27:41.279Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}