Lucene search
K

16 matches found

OSV
OSV
added 2026/06/15 8:46 p.m.5 views

GHSA-HVCG-QMG6-JM4C Netty: HttpObjectDecoder skips arbitrary initial control characters when only initial CRLF characters are permitted

Summary Before reading the first request-line, HttpObjectDecoder skips every byte for which Character.isISOControlb is true 0x00–0x1F and 0x7F as well as all whitespace. RFC 9112 §2.2 only asks servers to ignore empty CRLF lines preceding the request-line — a carefully scoped robustness allowance...

5.3CVSS5.4AI score0.00232EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/19 7:25 p.m.14 views

EUVD-2026-29951

Bandit: Unauthenticated DoS via chunked request trailers in Bandit HTTP/1 decoder...

8.7CVSS5.8AI score0.00637EPSS
Exploits1References5
OSV
OSV
added 2026/05/07 12:22 a.m.6 views

GHSA-38F8-5428-X5CV Netty vulnerable to HTTP Request Smuggling due to malformed Transfer-Encoding

Summary Netty incorrectly parses malformed Transfer-Encoding, enabling request smuggling attacks. Details Netty incorrectly marks a request as chunked when malformed "Transfer-Encoding: chunked, identity" is present. According to RFC...

6.5CVSS6AI score0.00248EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.17 views

PT-2026-38377

Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.2.13.Final Netty versions prior to 4.1.133.Final Description Netty incorrectly parses malformed Transfer-Encoding headers, which can lead to request smuggling attacks. Specifically, the framework incorrectly marks a...

7.5CVSS6AI score0.00248EPSS
Exploits1References346
RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.3 views

CVE-2026-23941

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Erlang OTP inets httpd module allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/httpserver/httpdrequest.erl and program routines httpdrequest:parseheaders/7. The...

7CVSS5.8AI score0.00528EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/03/13 7:54 p.m.3 views

CVE-2026-23941

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Erlang OTP inets httpd module allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/httpserver/httpdrequest.erl and program routines httpdrequest:parseheaders/7. The...

9.4CVSS5.9AI score0.00528EPSS
Exploits0References6
EUVD
EUVD
added 2026/03/13 9:11 a.m.8 views

EUVD-2026-11776

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Erlang OTP inets httpd module allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/httpserver/httpdrequest.erl and program routines httpdrequest:parseheaders/7. The...

7CVSS5.8AI score0.00528EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2023/08/31 12:0 a.m.16 views

CBL Mariner 2.0 Security Update: rubygem-protocol-http1 (CVE-2023-38697)

The version of rubygem-protocol-http1 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-38697 advisory. - protocol-http1 provides a low-level implementation of the HTTP/1 protocol. RFC 9112 Section...

5.8CVSS5.7AI score0.00637EPSS
Exploits0References2
Prion
Prion
added 2023/08/04 6:15 p.m.15 views

Design/Logic Flaw

protocol-http1 provides a low-level implementation of the HTTP/1 protocol. RFC 9112 Section 7.1 defined the format of chunk size, chunk data and chunk extension. The value of Content-Length header should be a string of 0-9 digits, the chunk size should be a string of hex digits and should split...

5CVSS4.9AI score0.00637EPSS
Exploits0References4Affected Software1
UbuntuCve
UbuntuCve
added 2023/08/04 6:15 p.m.20 views

CVE-2023-38697

protocol-http1 provides a low-level implementation of the HTTP/1 protocol. RFC 9112 Section 7.1 defined the format of chunk size, chunk data and chunk extension. The value of Content-Length header should be a string of 0-9 digits, the chunk size should be a string of hex digits and should split...

5.8CVSS6.1AI score0.00637EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2023/08/04 5:32 p.m.10 views

CVE-2023-38697 protocol-http1 HTTP Request/Response Smuggling vulnerability

protocol-http1 provides a low-level implementation of the HTTP/1 protocol. RFC 9112 Section 7.1 defined the format of chunk size, chunk data and chunk extension. The value of Content-Length header should be a string of 0-9 digits, the chunk size should be a string of hex digits and should split...

5.8CVSS5.4AI score0.00637EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2023/08/04 5:32 p.m.13 views

CVE-2023-38697

protocol-http1 provides a low-level implementation of the HTTP/1 protocol. RFC 9112 Section 7.1 defined the format of chunk size, chunk data and chunk extension. The value of Content-Length header should be a string of 0-9 digits, the chunk size should be a string of hex digits and should split...

5.8CVSS5.1AI score0.00637EPSS
Exploits0
OSV
OSV
added 2023/08/04 5:32 p.m.27 views

CVE-2023-38697 protocol-http1 HTTP Request/Response Smuggling vulnerability

protocol-http1 provides a low-level implementation of the HTTP/1 protocol. RFC 9112 Section 7.1 defined the format of chunk size, chunk data and chunk extension. The value of Content-Length header should be a string of 0-9 digits, the chunk size should be a string of hex digits and should split...

5.8CVSS5.4AI score0.00637EPSS
Exploits0References6
OSV
OSV
added 2023/08/03 4:36 p.m.19 views

GHSA-6JWC-QR2Q-7XWJ protocol-http1 HTTP Request/Response Smuggling vulnerability

Impact RFC 9112 Section 7.1 defined the format of chunk size, chunk data and chunk extension detailed ABNF is in Appendix section. In summary: - The value of Content-Length header should be a string of 0-9 digits. - The chunk size should be a string of hex digits and should split from chunk data...

5.8CVSS5.5AI score0.00637EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2023/08/03 4:36 p.m.29 views

protocol-http1 HTTP Request/Response Smuggling vulnerability

Impact RFC 9112 Section 7.1 defined the format of chunk size, chunk data and chunk extension detailed ABNF is in Appendix section. In summary: - The value of Content-Length header should be a string of 0-9 digits. - The chunk size should be a string of hex digits and should split from chunk data...

5.8CVSS6.3AI score0.00637EPSS
Exploits0References7Affected Software1
RubySec
RubySec
added 2023/08/03 12:0 a.m.20 views

protocol-http1 HTTP Request/Response Smuggling vulnerability

Impact RFC 9112 Section 7.1 defined the format of chunk size, chunk data and chunk extension detailed ABNF is in Appendix section. In summary: - The value of Content-Length header should be a string of 0-9 digits. - The chunk size should be a string of hex digits and should split from chunk data...

5.8CVSS6.8AI score0.00637EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder