Lucene search
K

15 matches found

EUVD
EUVD
added 4 days ago11 views

EUVD-2026-33939

mint: Unbounded streams map growth via PUSHPROMISE without follow-up HEADERS...

8.2CVSS5.9AI score0.00384EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/06 9:17 a.m.6 views

CVE-2026-56810

Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint mint Mint.HTTP1 module allows a denial of service via an oversized chunked transfer-encoded response. This vulnerability is associated with program files lib/mint/http1.ex and program routines...

8.7CVSS6AI score0.00344EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/07/06 9:17 a.m.5 views

EUVD-2026-41862

Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint mint Mint.HTTP1 module allows a denial of service via an oversized chunked transfer-encoded response. This vulnerability is associated with program files lib/mint/http1.ex and program routines...

8.7CVSS6AI score0.00344EPSS
Exploits0References4
OSV
OSV
added 2026/07/06 9:17 a.m.1 views

CVE-2026-56810 mint buffers an entire chunked response chunk in memory in Mint.HTTP1.decode_body/5

Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint mint Mint.HTTP1 module allows a denial of service via an oversized chunked transfer-encoded response. This vulnerability is associated with program files lib/mint/http1.ex and program routines...

8.7CVSS6AI score0.00344EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.9 views

CVE-2026-49753

Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in elixir-mint Mint allows attacker-controlled HTTP/1 servers to desynchronise response framing on shared connections. Mint's HTTP/1 Content-Length parser, Mint.HTTP1.Parse.contentlengthheader/1 in...

6.3CVSS5.5AI score0.00301EPSS
Exploits0References1
NVD
NVD
added 2026/06/02 4:16 p.m.18 views

CVE-2026-49753

Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in elixir-mint Mint allows attacker-controlled HTTP/1 servers to desynchronise response framing on shared connections. Mint's HTTP/1 Content-Length parser, Mint.HTTP1.Parse.contentlengthheader/1 in...

6.3CVSS0.00301EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/02 2:15 p.m.9 views

CVE-2026-49753

Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in elixir-mint Mint allows attacker-controlled HTTP/1 servers to desynchronise response framing on shared connections. Mint's HTTP/1 Content-Length parser, Mint.HTTP1.Parse.contentlengthheader/1 in...

6.3CVSS5.8AI score0.00301EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/06/02 2:15 p.m.39 views

CVE-2026-49753 HTTP response smuggling in Mint HTTP/1 client via lenient Content-Length parsing

Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in elixir-mint Mint allows attacker-controlled HTTP/1 servers to desynchronise response framing on shared connections. Mint's HTTP/1 Content-Length parser, Mint.HTTP1.Parse.contentlengthheader/1 in...

6.3CVSS0.00301EPSS
Exploits0References4
OSV
OSV
added 2026/06/02 2:15 p.m.13 views

EEF-CVE-2026-49753 HTTP response smuggling in Mint HTTP/1 client via lenient Content-Length parsing

Summary Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in elixir-mint Mint allows attacker-controlled HTTP/1 servers to desynchronise response framing on shared connections. Mint's HTTP/1 Content-Length parser, Mint.HTTP1.Parse.contentlengthheader/1 i...

6.3CVSS5.8AI score0.00301EPSS
Exploits0References4
OSV
OSV
added 2026/06/02 2:15 p.m.10 views

EEF-CVE-2026-49754 HTTP/2 CONTINUATION flood in Mint client via unbounded header-block accumulation

Summary Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client HTTP/2 CONTINUATION flood. When Mint's HTTP/2 receive path observes a HEADERS frame without the ENDHEADERS flag, the unparsed...

8.2CVSS5.9AI score0.00384EPSS
Exploits0References4
OSV
OSV
added 2026/06/02 2:15 p.m.9 views

EEF-CVE-2026-48862 Unbounded conn.streams growth in Mint HTTP/2 client via unenforced PUSH_PROMISE concurrency

Summary Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client via PUSHPROMISE flooding. In lib/mint/http2.ex, Mint.HTTP2.decodepushpromiseheadersandaddresponse/5 inserts a :reservedremote...

8.2CVSS5.9AI score0.00384EPSS
Exploits0References4
OSV
OSV
added 2026/06/02 2:15 p.m.9 views

EEF-CVE-2026-48861 CRLF injection in HTTP/1 request line via unvalidated method in Mint

Summary Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in elixir-mint Mint allows HTTP Request Splitting and HTTP Request Smuggling. In lib/mint/http1/request.ex, the encoderequestline/2 function splices the caller-supplied method and target arguments directly into the...

2.1CVSS6AI score0.00166EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/02 2:15 p.m.9 views

CVE-2026-48861 CRLF injection in HTTP/1 request line via unvalidated method in Mint

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in elixir-mint Mint allows HTTP Request Splitting and HTTP Request Smuggling. In lib/mint/http1/request.ex, the encoderequestline/2 function splices the caller-supplied method and target arguments directly into the HTTP/1...

2.1CVSS6AI score0.00166EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.7 views

Mint 安全漏洞

Mint is a functional underlying HTTP client library developed by Elixir Mint. Versions of Mint from 0.1.0 to 1.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the encoderequestline/2 function not verifying the CRLF characters in method parameters, which could lead to HT...

2.1CVSS5.4AI score0.00166EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.19 views

PT-2026-45786

Name of the Vulnerable Software and Affected Versions mint versions 0.1.0 through 1.8.x Description An inconsistent interpretation of HTTP requests, known as HTTP Request/Response Smuggling, allows attacker-controlled HTTP/1 servers to desynchronize response framing on shared connections. The iss...

6.3CVSS5.9AI score0.00301EPSS
Exploits0References13
Rows per page
Query Builder