Lucene search

[email protected]NVD:CVE-2023-22465

HistoryJan 04, 2023 - 4:15 p.m.

CVE-2023-22465

2023-01-0416:15:09

CWE-20

[email protected]

web.nvd.nist.gov

http4s

scala

http services

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

0.001 Low

EPSS

Percentile

31.8%

JSON

Http4s is a Scala interface for HTTP services. Starting with version 0.1.0 and prior to versions 0.21.34, 0.22.15, 0.23.17, and 1.0.0-M38, the User-Agent and Server header parsers are susceptible to a fatal error on certain inputs. In http4s, modeled headers are lazily parsed, so this only applies to services that explicitly request these typed headers. Fixes are released in 0.21.34, 0.22.15, 0.23.17, and 1.0.0-M38. As a workaround, use the weakly typed header interface.

Affected configurations

NVD

Node

typelevelhttp4sRange0.1.0–0.21.34

typelevelhttp4sRange0.22.0–0.22.15

typelevelhttp4sRange0.23.0–0.23.17

typelevelhttp4sMatch1.0.0milestone1

typelevelhttp4sMatch1.0.0milestone10

typelevelhttp4sMatch1.0.0milestone11

typelevelhttp4sMatch1.0.0milestone12

typelevelhttp4sMatch1.0.0milestone13

typelevelhttp4sMatch1.0.0milestone14

typelevelhttp4sMatch1.0.0milestone15

typelevelhttp4sMatch1.0.0milestone16

typelevelhttp4sMatch1.0.0milestone17

typelevelhttp4sMatch1.0.0milestone18

typelevelhttp4sMatch1.0.0milestone19

typelevelhttp4sMatch1.0.0milestone2

typelevelhttp4sMatch1.0.0milestone20

typelevelhttp4sMatch1.0.0milestone21

typelevelhttp4sMatch1.0.0milestone22

typelevelhttp4sMatch1.0.0milestone23

typelevelhttp4sMatch1.0.0milestone24

typelevelhttp4sMatch1.0.0milestone25

typelevelhttp4sMatch1.0.0milestone26

typelevelhttp4sMatch1.0.0milestone27

typelevelhttp4sMatch1.0.0milestone28

typelevelhttp4sMatch1.0.0milestone29

typelevelhttp4sMatch1.0.0milestone3

typelevelhttp4sMatch1.0.0milestone30

typelevelhttp4sMatch1.0.0milestone31

typelevelhttp4sMatch1.0.0milestone32

typelevelhttp4sMatch1.0.0milestone33

typelevelhttp4sMatch1.0.0milestone34

typelevelhttp4sMatch1.0.0milestone35

typelevelhttp4sMatch1.0.0milestone36

typelevelhttp4sMatch1.0.0milestone37

typelevelhttp4sMatch1.0.0milestone4

typelevelhttp4sMatch1.0.0milestone5

typelevelhttp4sMatch1.0.0milestone6

typelevelhttp4sMatch1.0.0milestone7

typelevelhttp4sMatch1.0.0milestone8

typelevelhttp4sMatch1.0.0milestone9

References

github.com/http4s/http4s/security/advisories/GHSA-54w6-vxfh-fw7f

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

0.001 Low

EPSS

Percentile

31.8%

JSON

Related for NVD:CVE-2023-22465

cve1 osv2 prion1 github1 cvelist1