149 matches found
com.alejandrohdezma:scala-steward-core_2.13 (>=0.11.0 <=0.11.1), com.github.tototoshi:mvnsearch_2.13 (>=0.5.0 <=0.5.1) +136 more potentially affected by CVE-2023-22465 via org.http4s:http4s-core_2.13 (>=1.0.0-M10 <=1.0.0-M37)
org.http4s:http4s-core_2.13 MAVEN version =1.0.0-M10, =0.11.0, =0.5.0, =1.3.0, =0.9.0-M2, =0.9.0-M2, =5.0.0-RC1, =5.0.0-RC1, =3.3.0, =0.4.1, =0.2.0, =0.3.0, =0.2.0, =0.2.1 and more Source cves: CVE-2023-22465 Source advisory: OSV:GHSA-54W6-VXFH-FW7F...
com.47deg:embedded-cassandra-core_2.12 (=0.0.7), com.47deg:github4s_2.12 (>=0.22.0 <=0.28.5) +295 more potentially affected by CVE-2023-22465 via org.http4s:http4s-core_2.12 (>=0.20.0-M1 <=0.21.33)
org.http4s:http4s-core_2.12 MAVEN version =0.20.0-M1, =0.22.0, =0.13.2, =0.2.6, =0.3.0, =0.2.0, =0.1.0, =0.6.1, =0.6.1, =0.18.3, =0.18.7 - com.avast:datadog4s-http4s_2.12 =0.6.0 - com.avast:datadog4s_2.12 =0.6.0 - com.avast:scala-server-toolkit-http4s-blaze-client_2.12 =0.1.3 -...
com.avast.cloud:datadog4s-http4s_2.12 (=0.14.0), com.avast.cloud:datadog4s_2.12 (=0.14.0) +90 more potentially affected by CVE-2023-22465 via org.http4s:http4s-core_2.12 (>=0.22.0 <=0.22-143-49b5a8d)
org.http4s:http4s-core_2.12 MAVEN version =0.22.0, =0.18.8, =0.17.0, =0.17.0, =0.15.4, =0.17.0, =0.15.4, =0.17.0, =0.15.4, =0.15.4, =0.17.0, =0.17.0, =0.15.4, =0.15.4, =0.18.4 and more Source cves: CVE-2023-22465 Source advisory: OSV:GHSA-54W6-VXFH-FW7F...
Http4s improperly parses User-Agent and Server headers
Impact: The User-Agent and Server header parsers are susceptible to a fatal error on certain inputs. In http4s, modeled headers are lazily parsed, so this only applies to services that explicitly request these typed headers. v0.21.x (Scala): val unsafe: Option[`User-Agent`] = req.headers.get(`User-Agent`)...
GHSA-54W6-VXFH-FW7F Http4s improperly parses User-Agent and Server headers
Impact: The User-Agent and Server header parsers are susceptible to a fatal error on certain inputs. In http4s, modeled headers are lazily parsed, so this only applies to services that explicitly request these typed headers. v0.21.x (Scala): val unsafe: Option[`User-Agent`] = req.headers.get(`User-Agent`)...
CVE-2023-22465
Http4s is a Scala interface for HTTP services. Starting with version 0.1.0 and prior to versions 0.21.34, 0.22.15, 0.23.17, and 1.0.0-M38, the User-Agent and Server header parsers are susceptible to a fatal error on certain inputs. In http4s, modeled headers are lazily parsed, so this only applie...
Design/Logic Flaw
Http4s is a Scala interface for HTTP services. Starting with version 0.1.0 and prior to versions 0.21.34, 0.22.15, 0.23.17, and 1.0.0-M38, the User-Agent and Server header parsers are susceptible to a fatal error on certain inputs. In http4s, modeled headers are lazily parsed, so this only applie...
CVE-2023-22465
Http4s (Scala HTTP services) has a vulnerability where the User-Agent and Server header parsers can fatal‑error on certain inputs. Affected versions include 0.1.0 up to but not including 0.21.34, 0.22.15, 0.23.17, and 1.0.0-M38. Fixes are released in 0.21.34, 0.22.15, 0.23.17, and 1.0.0-M38. As a...
CVE-2023-22465 Http4s has fatal error parsing User-Agent and Server headers
Http4s is a Scala interface for HTTP services. Starting with version 0.1.0 and prior to versions 0.21.34, 0.22.15, 0.23.17, and 1.0.0-M38, the User-Agent and Server header parsers are susceptible to a fatal error on certain inputs. In http4s, modeled headers are lazily parsed, so this only applie...
PT-2023-18517 · Http4S · Http4S
Name of the Vulnerable Software and Affected Versions: Http4s versions 0.1.0 through 0.21.33; Http4s versions 0.22.0 through 0.22.14; Http4s versions 0.23.0 through 0.23.16; Http4s versions 1.0.0-M0 through 1.0.0-M37. Description: The User-Agent and Server header parsers in Http4s are susceptible to ...
Malicious code in http4s-proxy-aget (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6ce8013404c2d4857d10c30ca8cca41836c76f1021322a394aec4bf792b01945 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-3701 Malicious code in http4s-proxy-aget (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6ce8013404c2d4857d10c30ca8cca41836c76f1021322a394aec4bf792b01945 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
com.github.ghostdogpr:caliban-client_3.0.0-RC3 (=0.10.0), com.github.ghostdogpr:caliban-zio-http_3.0.0-RC3 (=0.10.0) +9 more potentially affected by CVE-2022-21653 via org.typelevel:jawn-parser_3.0.0-RC3 (=1.1.2)
org.typelevel:jawn-parser_3.0.0-RC3 MAVEN version =1.1.2 is affected by a known vulnerability. The following packages have a transitive dependency on org.typelevel:jawn-parser_3.0.0-RC3 and may be impacted: - com.github.ghostdogpr:caliban-client_3.0.0-RC3 =0.10.0 -...
Hash collision in typelevel jawn
Impact Extenders of the org.typelevel.jawn.SimpleFacade and org.typelevel.jawn.MutableFacade who don't override objectContext are vulnerable to a hash collision attack. Most applications do not implement these traits directly, but inherit from a library: Affected implementations include: org.http...
com.avast:sst-app-monix_3 (>=0.17.0 <=0.19.3), com.avast:sst-app-zio_3 (>=0.17.0 <=0.19.3) +23 more potentially affected by CVE-2021-41084 via org.http4s:http4s-server_3 (>=0.22.0 <=0.22.4)
org.http4s:http4s-server_3 MAVEN version =0.22.0, =0.17.0, =0.17.0, =0.16.0, =0.17.0, =0.16.0, =0.17.0, =0.16.0, =0.16.0, =0.17.0, =0.17.0, =0.16.0, =0.16.0, =0.18.1, =0.22.0, =0.22.0, =0.22.15 and more Source cves: CVE-2021-41084 Source advisory: OSV:GHSA-5VCM-3XC3-W7X3...
ba.sake:sharaf-http4s_3 (>=0.17.0 <=0.18.2), ba.sake:sharaf-https_3 (>=0.14.0 <=0.16.0) +189 more potentially affected by CVE-2021-41084 via org.http4s:http4s-server_3 (>=0.23.0 <=0.23.34)
org.http4s:http4s-server_3 MAVEN version =0.23.0, =0.17.0, =0.14.0, =2.0.21, =2.0.21, =2.0.21, =0.2.0, =0.0.1, =0.1.0, =0.12.1, =7.1.0, =0.22.0, =0.1.0, =1.1.1, =3.1.2 and more Source cves: CVE-2021-41084 Source advisory: OSV:GHSA-5VCM-3XC3-W7X3...
com.alejandrohdezma:http4s-munit-testcontainers_2.12 (=0.8.0), com.alejandrohdezma:http4s-munit_2.12 (=0.8.0) +46 more potentially affected by CVE-2021-41084 via org.http4s:http4s-client_2.12 (>=0.22.0 <=0.22.4)
org.http4s:http4s-client_2.12 MAVEN version =0.22.0, =0.12.0, =0.17.0, =0.12.0, =0.17.0, =0.12.0, =0.12.0, =0.17.0, =0.17.0, =0.12.0, =0.17.0-11-3359289, =0.12.0, =0.17.19 and more Source cves: CVE-2021-41084 Source advisory: OSV:GHSA-5VCM-3XC3-W7X3...
com.47deg:github4s_2.12 (>=0.29.1 <=0.33.3), com.47deg:github4s_sjs1_2.12 (>=0.31.0 <=0.33.3) +141 more potentially affected by CVE-2021-41084 via org.http4s:http4s-client_2.12 (>=0.23.0 <=0.23.34)
org.http4s:http4s-client_2.12 MAVEN version =0.23.0, =0.29.1, =0.31.0, =0.9.4, =9.0.0, =0.0.1, =0.17.0, =0.12.1, =0.12.1, =0.12.1, =4.0.0-M15, =4.0.0-M16 and more Source cves: CVE-2021-41084 Source advisory: OSV:GHSA-5VCM-3XC3-W7X3...