Lucene search
K

8 matches found

Snyk
Snyk
added 2026/03/23 9:48 p.m.7 views

Open Redirect

Overview h3 is a Minimal HTTP framework built for high performance and portability. Affected versions of this package are vulnerable to Open Redirect via the redirectBack function. An attacker can cause users to be redirected to an external, attacker-controlled domain by crafting a URL with a...

5.4CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/03/20 8:50 p.m.4 views

CRLF Injection

Overview h3 is a Minimal HTTP framework built for high performance and portability. Affected versions of this package are vulnerable to CRLF Injection via unsanitized carriage return characters in the data and comment fields of the EventStream class. An attacker can inject arbitrary server-sent...

5.3CVSS5.9AI score
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/03/18 4:18 p.m.8 views

@abysslabs/cli (=0.0.2), @brendonovich/solidjs__start (>=0.0.0 <=0.0.3) +52 more potentially affected by CVE-2026-33131 via h3 (>=2.0.0-beta.0 <=2.0.1-rc.14)

h3 NPM version =2.0.0-beta.0, =0.0.0, =0.3.3, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =1.11.5 and more Source cves: CVE-2026-33131 Source advisory: SNYK:JS-H3-15692484...

9.1CVSS5.7AI score0.00388EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/03/18 4:17 p.m.8 views

@100x/application (>=0.0.1 <=0.0.6), @aact/view (>=3.0.0-beta.19 <=3.0.0-beta.28) +448 more potentially affected by CVE-2026-33129 via h3 (>=2.0.0-beta.0 <=2.0.1-rc.8)

h3 NPM version =2.0.0-beta.0, =0.0.1, =3.0.0-beta.19, =0.0.1, =0.3.3, =0.3.3, =0.3.3, =0.3.3, =0.3.3, =0.1.0, =0.1.0, =0.3.3 and more Source cves: CVE-2026-33129 Source advisory: OSV:GHSA-26F5-8H2X-34XH...

5.9CVSS5.7AI score0.00319EPSS
Exploits1
Snyk
Snyk
added 2026/03/18 4:17 p.m.5 views

Timing Attack

Overview h3 is a Minimal HTTP framework built for high performance and portability. Affected versions of this package are vulnerable to Timing Attack via the requireBasicAuth function. An attacker can recover valid authentication credentials by measuring response times and deducing password...

8.2CVSS5.8AI score0.00319EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/18 4:17 p.m.5 views

CRLF Injection

Overview org.webjars.npm:h3 is a Minimal HTTP framework built for high performance and portability. Affected versions of this package are vulnerable to CRLF Injection via unsanitized input in the formatEventStreamMessage and formatEventStreamComment functions. An attacker can inject arbitrary...

10CVSS5.9AI score0.00486EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/18 4:17 p.m.6 views

CRLF Injection

Overview h3 is a Minimal HTTP framework built for high performance and portability. Affected versions of this package are vulnerable to CRLF Injection via unsanitized input in the formatEventStreamMessage and formatEventStreamComment functions. An attacker can inject arbitrary Server-Sent Events...

10CVSS5.8AI score0.00486EPSS
Exploits1References2
Snyk
Snyk
added 2026/01/15 7:24 p.m.2 views

HTTP Request Smuggling

Overview h3 is a Minimal HTTP framework built for high performance and portability. Affected versions of this package are vulnerable to HTTP Request Smuggling via improper parsing of the Transfer-Encoding header in the readRawBody function. An attacker can bypass security controls and poison web...

9.8CVSS6.8AI score0.00576EPSS
Exploits1References2
Rows per page
Query Builder