CVE-2024-34078: Late Unicode Normalization Bypass

Performing Unicode normalization (like NFKC or NFC) at the end of a sanitization or filtering function can lead to security bypasses. Attackers can use alternative full-width Unicode characters (e.g., '＜') that bypass initial HTML element filtering, and are later normalized into dangerous characters (e.g., '<') before output. Normalization should occur befor

Provally CuratedPublic repositoryMediumMedium confidenceVerifiedApache-2.0

Python

greprules fetch cve-2024-34078-late-unicode-normalization-bypass --engine opengrep

Description

License: Apache-2.0
Source context: Public repository
Source: Provally CVE rule catalog
Validation status: Verified
Quality signals: 145 downloads
0 direct145 via packs
· 0 stars · Quality score 72How quality works
Included packs: 2 packs

Community feedback

0 signals from signed-in users.

Useful: 0
False positive: 0
Metadata: 0