Lucene search
K

29 matches found

RedHat Linux
RedHat Linux
added last week6 views

undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery.

A flaw was found in undici. An attacker-controlled upstream server can exploit a vulnerability in Undici's HTTP/1.1 client, specifically related to response queue poisoning on reused keep-alive sockets. This allows the attacker to inject an unsolicited HTTP/1.1 response onto an idle socket...

3.7CVSS7AI score0.00228EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added last week4 views

undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery.

A flaw was found in undici. An attacker-controlled upstream server can exploit a vulnerability in Undici's HTTP/1.1 client, specifically related to response queue poisoning on reused keep-alive sockets. This allows the attacker to inject an unsolicited HTTP/1.1 response onto an idle socket...

3.7CVSS7AI score0.00228EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/06/30 1:42 a.m.9 views

SUSE CVE-2026-58055

nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body onto reusable keep-alive backend connections, re-adding the Upgrade and Connection headers while passing Content-Length verbatim. A backend that resolves the resulting...

5.4CVSS5.8AI score0.00202EPSS
Exploits0References3
NVD
NVD
added 2026/06/28 2:16 a.m.10 views

CVE-2026-58055

nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body onto reusable keep-alive backend connections, re-adding the Upgrade and Connection headers while passing Content-Length verbatim. A backend that resolves the resulting...

6.3CVSS0.00202EPSS
Exploits0References3
OSV
OSV
added 2026/06/28 2:16 a.m.3 views

UBUNTU-CVE-2026-58055

nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body onto reusable keep-alive backend connections, re-adding the Upgrade and Connection headers while passing Content-Length verbatim. A backend that resolves the resulting...

6.3CVSS5.8AI score0.00202EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/28 1:32 a.m.37 views

CVE-2026-58055 nghttp2 nghttpx - HTTP Request/Response Smuggling via Upgrade Request with Content-Length

nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body onto reusable keep-alive backend connections, re-adding the Upgrade and Connection headers while passing Content-Length verbatim. A backend that resolves the resulting...

6.3CVSS0.00202EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/28 1:32 a.m.9 views

EUVD-2026-39975

nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body onto reusable keep-alive backend connections, re-adding the Upgrade and Connection headers while passing Content-Length verbatim. A backend that resolves the resulting...

6.3CVSS5.8AI score0.00202EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/28 1:32 a.m.5 views

CVE-2026-58055

nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body onto reusable keep-alive backend connections, re-adding the Upgrade and Connection headers while passing Content-Length verbatim. A backend that resolves the resulting...

6.3CVSS5.8AI score0.00202EPSS
Exploits0
CVE
CVE
added 2026/06/28 1:32 a.m.109 views

CVE-2026-58055

nghttp2 nghttpx (up to version 1.69.0) is affected. The proxy forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body to reusable keep-alive backend connections, re-adding Upgrade and Connection headers while passing Content-Length verbatim. This creates an ambiguo...

6.3CVSS5.8AI score0.00202EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-58055

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Content- Length header and body onto reusable keep-alive backend...

6.3CVSS6.2AI score0.00202EPSS
Exploits0References3
OSV
OSV
added 2026/06/26 10:34 a.m.4 views

SUSE-SU-2026:2647-1 Security update for nodejs22

This update for nodejs22 fixes the following issues Update to 22.23.0: - CVE-2026-6733: undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery bsc1268479. - CVE-2026-9496: pacote: excessive CPU consumption in addGitSha when processing a...

9.8CVSS6.6AI score0.02806EPSS
Exploits3References39
OSV
OSV
added 2026/06/19 2:19 p.m.10 views

GHSA-35P6-XMWP-9G52 undici vulnerable to HTTP response queue poisoning via keep-alive socket reuse

Impact Undici's HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets. An attacker-controlled upstream server can inject an unsolicited HTTP/1.1 response onto an idle socket after a request completes. When the client dispatches the next request on that socket, it...

3.7CVSS5.8AI score0.00228EPSS
Exploits0References5
OSV
OSV
added 2026/06/17 6:18 p.m.4 views

DEBIAN-CVE-2026-6733

Impact: Undici's HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets. An attacker-controlled upstream server can inject an unsolicited HTTP/1.1 response onto an idle socket after a request completes. When the client dispatches the next request on that socket, it...

3.7CVSS5.3AI score0.00228EPSS
Exploits0References1
OSV
OSV
added 2026/06/17 6:18 p.m.7 views

UBUNTU-CVE-2026-6733

Impact: Undici's HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets. An attacker-controlled upstream server can inject an unsolicited HTTP/1.1 response onto an idle socket after a request completes. When the client dispatches the next request on that socket, it...

3.7CVSS5.8AI score0.00228EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/17 5:14 p.m.22 views

CVE-2026-6733 undici vulnerable to HTTP response queue poisoning via keep-alive socket reuse

Impact: Undici's HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets. An attacker-controlled upstream server can inject an unsolicited HTTP/1.1 response onto an idle socket after a request completes. When the client dispatches the next request on that socket, it...

3.7CVSS0.00228EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/17 5:14 p.m.7 views

CVE-2026-6733

Impact: Undici's HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets. An attacker-controlled upstream server can inject an unsolicited HTTP/1.1 response onto an idle socket after a request completes. When the client dispatches the next request on that socket, it...

3.7CVSS5.3AI score0.00228EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.16 views

PT-2026-53087

Name of the Vulnerable Software and Affected Versions nghttp2 nghttpx versions prior to 1.69.0 Description The nghttpx proxy forwards HTTP/1.1 Upgrade requests that contain a Content-Length header and body onto reusable keep-alive backend connections. During this process, it re-adds the Upgrade a...

6.3CVSS6AI score0.00202EPSS
Exploits0References16
Packet Storm
Packet Storm
added 2025/12/24 12:0 a.m.183 views

📄 Varnish / Styx HTTP Request Smuggling

Proof of concept exploit that demonstrates an HTTP request smuggling vulnerability between Varnish and Styx / Nginx. ============================================================================================================================================= | Title : HTTP Request Smuggling TE.CL...

7AI score
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2024-1482

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.01022EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/02/05 11:30 a.m.12 views

CVE-2024-34350

Next.js is a React framework that can provide building blocks to create web applications. Prior to 13.5.1, an inconsistent interpretation of a crafted HTTP request meant that requests are treated as both a single request, and two separate requests by Next.js, leading to desynchronized responses...

7.5CVSS6.6AI score0.01022EPSS
Exploits0References1
Rows per page
Query Builder