149 matches found
CVE-2021-41084
http4s is an open source Scala interface for HTTP. In affected versions http4s is vulnerable to response-splitting or request-splitting attacks when untrusted user input is used to create any of the following fields: header names (Header.name), header values (Header.value), status reason phrases...
HTTP Request Smuggling
Http4s is vulnerable to HTTP Request Smuggling. The vulnerability is due to improper handling of the HTTP trailer section, which allows an attacker—when the app is deployed behind a reverse proxy that forwards trailer headers—to bypass front-end security controls, target active users, and poison...
EUVD-2021-1987
Malware in sbrugna...
EUVD-2021-0971
Malware in sbrugna...
EUVD-2021-0578
Malware in sbrugna...
EUVD-2020-0333
Malware in sbrugna...
EUVD-2021-0580
Malware in sbrugna...
EUVD-2021-1978
Malware in sbrugna...
EUVD-2023-0335
Malicious code in bioql PyPI...
CVE-2025-59822
Http4s is a Scala interface for HTTP services. In versions from 1.0.0-M1 to before 1.0.0-M45 and before 0.23.31, http4s is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer section. This vulnerability could enable attackers to bypass front-end servers security controls...
CVE-2025-59822 Http4s vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer section
Http4s is a Scala interface for HTTP services. In versions from 1.0.0-M1 to before 1.0.0-M45 and before 0.23.31, http4s is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer section. This vulnerability could enable attackers to bypass front-end servers security controls...
CVE-2025-59822
CVE-2025-59822 affects http4s (Scala). Versions 1.0.0-M1 up to just before 1.0.0-M45 and before 0.23.31 are vulnerable to HTTP Request Smuggling caused by improper handling of the HTTP trailer section. The vulnerability can allow bypassing front‑end security controls, abusing active user sessions...
dev.hnaderi:scala-k8s-http4s-ember_native0.4_2.13 (>=0.11.0 <=0.25.0), dev.hnaderi:scala-k8s-http4s_native0.4_2.13 (>=0.4.0 <=0.10.0) +33 more potentially affected by CVE-2025-59822 via org.http4s:http4s-ember-core_native0.4_2.13 (>=0.23.16 <=0.23.30)
org.http4s:http4s-ember-core_native0.4_2.13 MAVEN version =0.23.16, =0.11.0, =0.4.0, =0.0.1, =0.1.0+0.0.1, =2.14.0+0.0.1, =0.9.0+0.0.1, =2.12.0+0.0.1, =0.15.0+0.0.1, =2.13.0+0.0.1, =2.34.0+0.0.1, =2.20.0+0.0.1, =1.11.0+0.0.1, =1.44.0+0.0.6 - io.chrisdavenport:http...
com.armanbilge:sbt-bundlemon_2.12_1.0 (=0.1.4), com.avast:sst-bundle-monix-http4s-ember_2.12 (>=0.17.0 <=0.19.3) +66 more potentially affected by CVE-2025-59822 via org.http4s:http4s-ember-core_2.12 (>=0.10.0-M10 <=0.23.30)
org.http4s:http4s-ember-core_2.12 MAVEN version =0.10.0-M10, =0.17.0, =0.17.0, =0.17.0, =0.17.0, =0.17.0, =0.17.0, =0.0.0-3-cca5341b, =0.12.1, =7.1.0, =0.21.0, =0.20.4, =0.21.0, =0.21.0, =0.21.0, =0.22.1 and more Source cves: CVE-2025-59822 Source advisory: SNYK:JAVA-ORGHTTP4S-13019566...
com.47deg:energy-monitor-persistence-app_3 (=0.2.0), com.avast:sst-bundle-monix-http4s-ember_3 (>=0.17.0 <=0.19.3) +163 more potentially affected by CVE-2025-59822 via org.http4s:http4s-ember-core_3 (>=0.22.0-M8 <=0.23.30)
org.http4s:http4s-ember-core_3 MAVEN version =0.22.0-M8, =0.17.0, =0.17.0, =0.17.0, =0.17.0, =0.17.0, =0.17.0, =0.0.1, =1.0.0, =0.12.1, =7.1.0, =0.22.0, =0.22.0, =0.22.1 and more Source cves: CVE-2025-59822 Source advisory: SNYK:JAVA-ORGHTTP4S-13019560...
io.chrisdavenport:shellserve_sjs1_2.12 (=0.0.2) potentially affected by CVE-2025-59822 via org.http4s:http4s-ember-server_sjs1_2.12 (=0.23.12)
org.http4s:http4s-ember-server_sjs1_2.12 MAVEN version =0.23.12 is affected by a known vulnerability. The following packages have a transitive dependency on org.http4s:http4s-ember-server_sjs1_2.12 and may be impacted: - io.chrisdavenport:shellserve_sjs1_2.12 =0.0.2 Source cves: CVE-2025-59822 Source...
com.47deg:energy-monitor-persistence-app_3 (=0.2.0), com.avast:sst-bundle-monix-http4s-ember_3 (>=0.17.0 <=0.19.3) +163 more potentially affected by CVE-2025-59822 via org.http4s:http4s-ember-core_3 (>=0.22.0-M8 <=0.23.30)
org.http4s:http4s-ember-core_3 MAVEN version =0.22.0-M8, =0.17.0, =0.17.0, =0.17.0, =0.17.0, =0.17.0, =0.17.0, =0.0.1, =1.0.0, =0.12.1, =7.1.0, =0.22.0, =0.22.0, =0.22.1 and more Source cves: CVE-2025-59822 Source advisory: OSV:GHSA-WCWH-7GFW-5WRR...