8 matches found
Open Redirect
Overview h3 is a Minimal HTTP framework built for high performance and portability. Affected versions of this package are vulnerable to Open Redirect via the redirectBack function. An attacker can cause users to be redirected to an external, attacker-controlled domain by crafting a URL with a...
CRLF Injection
Overview h3 is a Minimal HTTP framework built for high performance and portability. Affected versions of this package are vulnerable to CRLF Injection via unsanitized carriage return characters in the data and comment fields of the EventStream class. An attacker can inject arbitrary server-sent...
@abysslabs/cli (=0.0.2), @brendonovich/solidjs__start (>=0.0.0 <=0.0.3) +52 more potentially affected by CVE-2026-33131 via h3 (>=2.0.0-beta.0 <=2.0.1-rc.14)
h3 NPM version =2.0.0-beta.0, =0.0.0, =0.3.3, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =1.11.5 and more Source cves: CVE-2026-33131 Source advisory: SNYK:JS-H3-15692484...
@100x/application (>=0.0.1 <=0.0.6), @aact/view (>=3.0.0-beta.19 <=3.0.0-beta.28) +448 more potentially affected by CVE-2026-33129 via h3 (>=2.0.0-beta.0 <=2.0.1-rc.8)
h3 NPM version =2.0.0-beta.0, =0.0.1, =3.0.0-beta.19, =0.0.1, =0.3.3, =0.3.3, =0.3.3, =0.3.3, =0.3.3, =0.1.0, =0.1.0, =0.3.3 and more Source cves: CVE-2026-33129 Source advisory: OSV:GHSA-26F5-8H2X-34XH...
Timing Attack
Overview h3 is a Minimal HTTP framework built for high performance and portability. Affected versions of this package are vulnerable to Timing Attack via the requireBasicAuth function. An attacker can recover valid authentication credentials by measuring response times and deducing password...
CRLF Injection
Overview org.webjars.npm:h3 is a Minimal HTTP framework built for high performance and portability. Affected versions of this package are vulnerable to CRLF Injection via unsanitized input in the formatEventStreamMessage and formatEventStreamComment functions. An attacker can inject arbitrary...
CRLF Injection
Overview h3 is a Minimal HTTP framework built for high performance and portability. Affected versions of this package are vulnerable to CRLF Injection via unsanitized input in the formatEventStreamMessage and formatEventStreamComment functions. An attacker can inject arbitrary Server-Sent Events...
HTTP Request Smuggling
Overview h3 is a Minimal HTTP framework built for high performance and portability. Affected versions of this package are vulnerable to HTTP Request Smuggling via improper parsing of the Transfer-Encoding header in the readRawBody function. An attacker can bypass security controls and poison web...