16 matches found
GHSA-HVCG-QMG6-JM4C Netty: HttpObjectDecoder skips arbitrary initial control characters when only initial CRLF characters are permitted
Summary Before reading the first request-line, HttpObjectDecoder skips every byte for which Character.isISOControlb is true 0x00–0x1F and 0x7F as well as all whitespace. RFC 9112 §2.2 only asks servers to ignore empty CRLF lines preceding the request-line — a carefully scoped robustness allowance...
EUVD-2026-29951
Bandit: Unauthenticated DoS via chunked request trailers in Bandit HTTP/1 decoder...
GHSA-38F8-5428-X5CV Netty vulnerable to HTTP Request Smuggling due to malformed Transfer-Encoding
Summary Netty incorrectly parses malformed Transfer-Encoding, enabling request smuggling attacks. Details Netty incorrectly marks a request as chunked when malformed "Transfer-Encoding: chunked, identity" is present. According to RFC...
PT-2026-38377
Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.2.13.Final Netty versions prior to 4.1.133.Final Description Netty incorrectly parses malformed Transfer-Encoding headers, which can lead to request smuggling attacks. Specifically, the framework incorrectly marks a...
CVE-2026-23941
Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Erlang OTP inets httpd module allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/httpserver/httpdrequest.erl and program routines httpdrequest:parseheaders/7. The...
CVE-2026-23941
Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Erlang OTP inets httpd module allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/httpserver/httpdrequest.erl and program routines httpdrequest:parseheaders/7. The...
EUVD-2026-11776
Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Erlang OTP inets httpd module allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/httpserver/httpdrequest.erl and program routines httpdrequest:parseheaders/7. The...
CBL Mariner 2.0 Security Update: rubygem-protocol-http1 (CVE-2023-38697)
The version of rubygem-protocol-http1 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-38697 advisory. - protocol-http1 provides a low-level implementation of the HTTP/1 protocol. RFC 9112 Section...
Design/Logic Flaw
protocol-http1 provides a low-level implementation of the HTTP/1 protocol. RFC 9112 Section 7.1 defined the format of chunk size, chunk data and chunk extension. The value of Content-Length header should be a string of 0-9 digits, the chunk size should be a string of hex digits and should split...
CVE-2023-38697
protocol-http1 provides a low-level implementation of the HTTP/1 protocol. RFC 9112 Section 7.1 defined the format of chunk size, chunk data and chunk extension. The value of Content-Length header should be a string of 0-9 digits, the chunk size should be a string of hex digits and should split...
CVE-2023-38697 protocol-http1 HTTP Request/Response Smuggling vulnerability
protocol-http1 provides a low-level implementation of the HTTP/1 protocol. RFC 9112 Section 7.1 defined the format of chunk size, chunk data and chunk extension. The value of Content-Length header should be a string of 0-9 digits, the chunk size should be a string of hex digits and should split...
CVE-2023-38697
protocol-http1 provides a low-level implementation of the HTTP/1 protocol. RFC 9112 Section 7.1 defined the format of chunk size, chunk data and chunk extension. The value of Content-Length header should be a string of 0-9 digits, the chunk size should be a string of hex digits and should split...
CVE-2023-38697 protocol-http1 HTTP Request/Response Smuggling vulnerability
protocol-http1 provides a low-level implementation of the HTTP/1 protocol. RFC 9112 Section 7.1 defined the format of chunk size, chunk data and chunk extension. The value of Content-Length header should be a string of 0-9 digits, the chunk size should be a string of hex digits and should split...
GHSA-6JWC-QR2Q-7XWJ protocol-http1 HTTP Request/Response Smuggling vulnerability
Impact RFC 9112 Section 7.1 defined the format of chunk size, chunk data and chunk extension detailed ABNF is in Appendix section. In summary: - The value of Content-Length header should be a string of 0-9 digits. - The chunk size should be a string of hex digits and should split from chunk data...
protocol-http1 HTTP Request/Response Smuggling vulnerability
Impact RFC 9112 Section 7.1 defined the format of chunk size, chunk data and chunk extension detailed ABNF is in Appendix section. In summary: - The value of Content-Length header should be a string of 0-9 digits. - The chunk size should be a string of hex digits and should split from chunk data...
protocol-http1 HTTP Request/Response Smuggling vulnerability
Impact RFC 9112 Section 7.1 defined the format of chunk size, chunk data and chunk extension detailed ABNF is in Appendix section. In summary: - The value of Content-Length header should be a string of 0-9 digits. - The chunk size should be a string of hex digits and should split from chunk data...