1 results (0.003 seconds)
CVSS: 7.9EPSS: 0%CPEs: 1EXPL: 0
CVSS: 7.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27110 – Libmodsecurity3 has possible bypass of encoded HTML entities
https://notcve.org/view.php?id=CVE-2025-27110
25 Feb 2025 — Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processing. A bug that exists only in Libmodsecurity3 version 3.0.13 means that, in 3.0.13, Libmodsecurity3 can't decode encoded HTML entities if they contains leading zeroes. Version 3.0.14 contains a fix. No known workarounds are available. • https://github.com/owasp-modsecurity/ModSecurity/issues/3340 • CWE-172: Encoding Error •