25 matches found
CVE-2026-42544
Granian is a Rust HTTP server for Python applications. From 1.2.0 to 2.7.4, Granian aborts a worker process when an unauthenticated client sends a WebSocket upgrade request whose Sec-WebSocket-Protocol header contains non-ASCII bytes. The crash happens in Granian's WebSocket scope construction...
CVE-2026-42545
Granian is a Rust HTTP server for Python applications. From 0.2.0 to 2.7.4, Granian aborts a worker process if a WSGI application returns an invalid HTTP response header name or value. The WSGI response conversion path uses .unwrap on both the header name and header value constructors, so malform...
CVE-2026-42545
Granian is a Rust HTTP server for Python applications. From 0.2.0 to 2.7.4, Granian aborts a worker process if a WSGI application returns an invalid HTTP response header name or value. The WSGI response conversion path uses .unwrap on both the header name and header value constructors, so malform...
CVE-2026-42544
Granian is a Rust HTTP server for Python applications. From 1.2.0 to 2.7.4, Granian aborts a worker process when an unauthenticated client sends a WebSocket upgrade request whose Sec-WebSocket-Protocol header contains non-ASCII bytes. The crash happens in Granian's WebSocket scope construction...
CVE-2026-42545
Granian is a Rust HTTP server for Python applications. From 0.2.0 to 2.7.4, Granian aborts a worker process if a WSGI application returns an invalid HTTP response header name or value. The WSGI response conversion path uses .unwrap on both the header name and header value constructors, so malform...
CVE-2026-42545 Granian: DoS via WSGI response header panic
Granian is a Rust HTTP server for Python applications. From 0.2.0 to 2.7.4, Granian aborts a worker process if a WSGI application returns an invalid HTTP response header name or value. The WSGI response conversion path uses .unwrap on both the header name and header value constructors, so malform...
CVE-2026-42545 Granian: DoS via WSGI response header panic
Granian is a Rust HTTP server for Python applications. From 0.2.0 to 2.7.4, Granian aborts a worker process if a WSGI application returns an invalid HTTP response header name or value. The WSGI response conversion path uses .unwrap on both the header name and header value constructors, so malform...
CVE-2026-42545
Granian is a Rust HTTP server for Python applications. Vulnerable from 0.2.0 up to 2.7.4, where the WSGI response conversion path uses .unwrap() on header name and value constructors; malformed headers trigger a worker process abort instead of handling the error. This results in a Denial of Servi...
CVE-2026-42544 Granian: Unauthenticated DoS via WebSocket subprotocol header panic
Granian is a Rust HTTP server for Python applications. From 1.2.0 to 2.7.4, Granian aborts a worker process when an unauthenticated client sends a WebSocket upgrade request whose Sec-WebSocket-Protocol header contains non-ASCII bytes. The crash happens in Granian's WebSocket scope construction...
CVE-2026-42544
CVE-2026-42544 (Granian) affects Granian versions 1.2.0–2.7.4, where an unauthenticated client sending a WebSocket upgrade request with a non-ASCII Sec-WebSocket-Protocol header causes the server to abort the worker in the WebSocket scope construction path, yielding an unauthenticated DoS. The cr...
CVE-2026-42544 Granian: Unauthenticated DoS via WebSocket subprotocol header panic
Granian is a Rust HTTP server for Python applications. From 1.2.0 to 2.7.4, Granian aborts a worker process when an unauthenticated client sends a WebSocket upgrade request whose Sec-WebSocket-Protocol header contains non-ASCII bytes. The crash happens in Granian's WebSocket scope construction...
granian 安全漏洞
Granian is a high-performance Python HTTP server developed by Emmett under open source principles, using Rust as the programming language. Versions of Granian from 0.2.0 to 2.7.4 contain security vulnerabilities. These vulnerabilities occur when the WSGI application returns invalid HTTP response...
granian 输入验证错误漏洞
Granian is a high-performance Python HTTP server developed by Emmett under open source principles, using Rust as the programming language. Versions 1.2.0 to 2.7.4 of Granian contain a vulnerability related to input validation. This vulnerability arises when an unvalidated client sends a WebSocket...
GHSA-F5P7-9FR5-8JMJ Granian vulnerable to DoS via WSGI response header panic
Summary Granian aborts a worker process if a WSGI application returns an invalid HTTP response header name or value. The WSGI response conversion path uses .unwrap on both the header name and header value constructors, so malformed output from the application becomes a process abort instead of a...
Improper Handling of Exceptional Conditions
Overview granian is an A Rust HTTP server for Python applications Affected versions of this package are vulnerable to Improper Handling of Exceptional Conditions through the WSGI response conversion process. An attacker can cause the worker process to abort by supplying or influencing invalid HTT...
Granian vulnerable to DoS via WSGI response header panic
Summary Granian aborts a worker process if a WSGI application returns an invalid HTTP response header name or value. The WSGI response conversion path uses .unwrap on both the header name and header value constructors, so malformed output from the application becomes a process abort instead of a...
aloni (>=0.2.1 <=0.2.3), another (=0.1.0) +7 more potentially affected by CVE-2026-42545 via granian (>=0.2.6 <=2.6.1)
granian PYPI version =0.2.6, =0.2.1, =1.0.0, =2.5.0, =1.0.0, =0.2.0, =0.0.1, =2025.1.0, =0.1.1, =0.3.1 Source cves: CVE-2026-42545 Source advisory: OSV:GHSA-F5P7-9FR5-8JMJ...
gobstopper (>=0.2.0 <=0.2.7), modelw-preset-django (>=2025.7.0 <=2026.1.0b2) +1 more potentially affected by CVE-2026-42545 via granian (>=2.3.4 <=2.6.1)
granian PYPI version =2.3.4, =0.2.0, =2025.7.0, =0.1.1, =0.3.1 Source cves: CVE-2026-42545 Source advisory: SNYK:PYTHON-GRANIAN-16635309...
aloni (>=0.2.1 <=0.2.3), code-exec-hz (>=1.0.0 <=1.0.1) +6 more potentially affected by CVE-2026-42544 via granian (>=1.3.2 <=2.6.1)
granian PYPI version =1.3.2, =0.2.1, =1.0.0, =2.5.10, =1.0.0, =0.2.0, =0.0.1, =2025.1.0, =0.1.1, =0.3.1 Source cves: CVE-2026-42544 Source advisory: OSV:GHSA-VRG7-482J-P6F6...
GHSA-VRG7-482J-P6F6 Granian vulnerable to unauthenticated DoS via WebSocket subprotocol header panic
Summary Granian aborts a worker process when an unauthenticated client sends a WebSocket upgrade request whose Sec-WebSocket-Protocol header contains non-ASCII bytes. The crash happens in Granian's WebSocket scope construction path, before the ASGI application is invoked. This is a single-request...