Filtered by vendor H3js
Subscriptions
Filtered by product Srvx
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-33732 | 1 H3js | 1 Srvx | 2026-03-27 | 4.8 Medium |
| srvx is a universal server based on web standards. Prior to version 0.11.13, a pathname parsing discrepancy in srvx's `FastURL` allows middleware bypass on the Node.js adapter when a raw HTTP request uses an absolute URI with a non-standard scheme (e.g. `file://`). Starting in version 0.11.13, the `FastURL` constructor now deopts to native `URL` for any string not starting with `/`, ensuring consistent pathname resolution. | ||||
Page 1 of 1.