3 matches found
CVE-2026-48861
creationtimestamp| type| source ---|---|--- 2026-06-02 16:59:28+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnd2xy373n2o 2026-07-10 00:35:21+00:00| published-proof-of-concept| https://github.com/elixir-mint/mint/security/advisories/GHSA-2pg6-44cx-c49v 2026-07-10 04:12:07+00:00|...
CVE-2026-48861 CRLF injection in HTTP/1 request line via unvalidated method in Mint
Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in elixir-mint Mint allows HTTP Request Splitting and HTTP Request Smuggling. In lib/mint/http1/request.ex, the encoderequestline/2 function splices the caller-supplied method and target arguments directly into the HTTP/1...
CVE-2026-48861
The CVE describes a CRLF injection risk in elixir-mint Mint through the HTTP/1 request line construction. Specifically, encode_request_line/2 directly embeds caller-supplied method and target into the line, allowing an attacker to terminate the line and inject headers, enabling HTTP request split...