Lucene search
+L

4 matches found

CVE
CVE
added 2026/06/08 2:12 p.m.29 views

CVE-2026-43974

The CVE concerns the gun_http module of the Erlang-based Gun library (gun_http) in the Gun HTTP client. Affected versions: Gun 2.0.0 up to but not including 2.4.0. Root cause: when a 101 Switching Protocols response arrives over HTTP/1.1, Gun only validates the Upgrade header syntax and the strea...

8.7CVSS5.6AI score0.00381EPSS
Exploits0References3
OSV
OSV
added 2026/06/08 2:12 p.m.10 views

EEF-CVE-2026-43974 gun HTTP/1.1 client accepts unsolicited 101 Switching Protocols response allowing server-driven protocol hijack and OOM

Summary Unexpected Status Code or Return Value vulnerability in ninenines gun gun\http module allows a malicious HTTP server to force the client into raw protocol mode via an unsolicited 101 Switching Protocols response. In gun\http:handle\inform/8, when a 101 Switching Protocols response is...

8.7CVSS6.2AI score0.00381EPSS
Exploits0References2
OSV
OSV
added 2026/06/08 2:12 p.m.2 views

CVE-2026-43974 gun HTTP/1.1 client accepts unsolicited 101 Switching Protocols response allowing server-driven protocol hijack and OOM

Unexpected Status Code or Return Value vulnerability in ninenines gun gunhttp module allows a malicious HTTP server to force the client into raw protocol mode via an unsolicited 101 Switching Protocols response. In gunhttp:handleinform/8, when a 101 Switching Protocols response is received over...

8.7CVSS6.1AI score0.00381EPSS
Exploits0References8
OSV
OSV
added 2026/03/05 8:55 p.m.10 views

GHSA-XQ2H-P299-VJWV Pingora vulnerable to HTTP Request Smuggling via Premature Upgrade

Impact Pingora versions prior to 0.8.0 would immediately forward bytes following a request with an Upgrade header to the backend, without waiting for a 101 Switching Protocols response. This allows an attacker to smuggle requests to the backend and bypass proxy-level security controls. This...

9.3CVSS5.8AI score0.00666EPSS
Exploits0References4
Rows per page
Query Builder