36 matches found
CVE-2026-33129
H3 is a minimal HTTP framework. Versions 2.0.1-beta.0 through 2.0.0-rc.8 contain a Timing Side-Channel vulnerability in the requireBasicAuth function due to the use of unsafe string comparison !==. This allows an attacker to deduce the valid password character-by-character by measuring the server...
CVE-2026-33129 h3 has an observable timing discrepancy in basic auth utils
H3 is a minimal HTTP framework. Versions 2.0.1-beta.0 through 2.0.0-rc.8 contain a Timing Side-Channel vulnerability in the requireBasicAuth function due to the use of unsafe string comparison !==. This allows an attacker to deduce the valid password character-by-character by measuring the server...
CVE-2026-33129 h3 has an observable timing discrepancy in basic auth utils
H3 is a minimal HTTP framework. Versions 2.0.1-beta.0 through 2.0.0-rc.8 contain a Timing Side-Channel vulnerability in the requireBasicAuth function due to the use of unsafe string comparison !==. This allows an attacker to deduce the valid password character-by-character by measuring the server...
CVE-2026-33128 h3 has a Server-Sent Events Injection via Unsanitized Newlines in Event Stream Fields
H3 is a minimal HTTP framework. In versions prior to 1.15.6 and between 2.0.0 through 2.0.1-rc.14, createEventStream is vulnerable to Server-Sent Events SSE injection due to missing newline sanitization in formatEventStreamMessage and formatEventStreamComment. An attacker who controls any part of...
CVE-2026-33128
H3 is a minimal HTTP framework. In versions prior to 1.15.6 and between 2.0.0 through 2.0.1-rc.14, createEventStream is vulnerable to Server-Sent Events SSE injection due to missing newline sanitization in formatEventStreamMessage and formatEventStreamComment. An attacker who controls any part of...
H3 安全漏洞
H3 is an open-source HTTP framework developed by H3. Versions 2.0.0-0 to 2.0.1-rc.14 of H3 contain security vulnerabilities. These vulnerabilities stem from a Host header spoofing issue in NodeRequestUrl, which may allow middleware to bypass security checks...
H3 安全漏洞
H3 is an open-source HTTP framework developed by H3. Versions of H3 from 2.0.1-beta.0 to 2.0.0-rc.8 contain security vulnerabilities. These vulnerabilities stem from the use of insecure string comparisons in the requireBasicAuth function, which may lead to timing side-channel attacks...
Directory Traversal
Overview org.webjars.npm:h3 is a Minimal HTTP framework built for high performance and portability. Affected versions of this package are vulnerable to Directory Traversal via the serveStatic function. An attacker can access arbitrary files outside the intended static directory by sending crafted...
GHSA-WR4H-V87W-P3R7 h3 has a Path Traversal via Percent-Encoded Dot Segments in serveStatic Allows Arbitrary File Read
Summary serveStatic in h3 is vulnerable to path traversal via percent-encoded dot segments %2e%2e, allowing an unauthenticated attacker to read arbitrary files outside the intended static directory on Node.js deployments. Details The vulnerability exists in src/utils/static.ts at line 86:...
Directory Traversal
Overview h3 is a Minimal HTTP framework built for high performance and portability. Affected versions of this package are vulnerable to Directory Traversal via the serveStatic function. An attacker can access arbitrary files outside the intended static directory by sending crafted HTTP requests...
User Impersonation
Overview h3 is a Minimal HTTP framework built for high performance and portability. Affected versions of this package are vulnerable to User Impersonation via manipulation of the Host header in HTTP requests, which allows untrusted input to influence the construction of the event.url object. An...
GHSA-3VJ8-JMXQ-CGJ5 h3 has a middleware bypass with one gadget
H3 NodeRequestUrl bugs Vulnerable pieces of code : js import H3, serve, defineHandler, getQuery, getHeaders, readBody, defineNodeHandler from "h3"; let app = new H3 const internalOnly = defineHandlerevent, next = const token = event.headers.get"x-internal-key"; if token !==...
CVE-2026-23527 h3 v1 has Request Smuggling (TE.TE) issue
H3 is a minimal HTTP framework built for high performance and portability. Prior to 1.15.5, there is a critical HTTP Request Smuggling vulnerability. readRawBody is doing a strict case-sensitive check for the Transfer-Encoding header. It explicitly looks for "chunked", but per the RFC, this heade...
EUVD-2026-2737
H3 is a minimal HTTP framework built for high performance and portability. Prior to 1.15.5, there is a critical HTTP Request Smuggling vulnerability. readRawBody is doing a strict case-sensitive check for the Transfer-Encoding header. It explicitly looks for "chunked", but per the RFC, this heade...
CVE-2026-23527
CVE-2026-23527 affects the h3 HTTP framework (pre-1.15.5). The vulnerability is in readRawBody, which performs a strict case-sensitive check for the Transfer-Encoding header and looks for the literal value “chunked.” Because RFC requires case-insensitive handling, an attacker can craft a request ...
PT-2026-3098
Name of the Vulnerable Software and Affected Versions H3 versions prior to 1.15.5 Description H3 is a minimal HTTP framework designed for high performance and portability. A critical HTTP Request Smuggling issue exists due to a case-sensitive check for the 'Transfer-Encoding' header within the...