CNNVD-202602-1282 Information
Feb 09, 2026
CNNVD ID
CNNVD-202602-1282
Related CVE
-
CNNVD Published
2026-02-09
Description (Chinese)
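Faraday is an open-source HTTP client library from lostisland. Versions of Faraday before 2.14.1 contain a code issue vulnerability, which stems from using Ruby's URI#merge method to process user input and may lead to server-side request forgery attacks.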
Description (English)
Faraday is an open-source HTTP client library from lostisland. Versions prior to Faraday 2.14.1 contain a code issue vulnerability that arises from using Ruby's URI#merge method to process user input, which could lead to a server-side request forgery (SSRF) attack.
Vulnerability Type
Code issue
Affected Vendor
lostisland
Published
2026-02-09
Last Modified
2026-02-24
References
https://github.com/lostisland/faraday/commit/a6d3a3a0bf59c2ab307d0abd91bc126aef5561bc
https://github.com/lostisland/faraday/releases/tag/v2.14.1
https://github.com/lostisland/faraday/security/advisories/GHSA-33mh-2634-fwr2
Patch
https://github.com/lostisland/faraday/releases