Lucene search

14 matches found

RedhatCVE
added 2026/06/05 7:34 p.m. · 6 views

CVE-2026-49753

Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in elixir-mint Mint allows attacker-controlled HTTP/1 servers to desynchronise response framing on shared connections. Mint's HTTP/1 Content-Length parser, Mint.HTTP1.Parse.content_length_header/1 in...

6.3 CVSS · 5.5 AI score · 0.00301 EPSS
Exploits 0 · References 1
NVD
added 2026/06/02 4:16 p.m. · 14 views

CVE-2026-49753

Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in elixir-mint Mint allows attacker-controlled HTTP/1 servers to desynchronise response framing on shared connections. Mint's HTTP/1 Content-Length parser, Mint.HTTP1.Parse.content_length_header/1 in...

6.3 CVSS · 0.00301 EPSS
Exploits 0 · References 4
ATTACKERKB
added 2026/06/02 2:15 p.m. · 7 views

CVE-2026-49753

Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in elixir-mint Mint allows attacker-controlled HTTP/1 servers to desynchronise response framing on shared connections. Mint's HTTP/1 Content-Length parser, Mint.HTTP1.Parse.content_length_header/1 in...

6.3 CVSS · 5.8 AI score · 0.00301 EPSS
Exploits 0 · References 5 · Affected Software 1
EUVD
added 2026/06/02 2:15 p.m. · 9 views

EUVD-2026-33941

Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in elixir-mint Mint allows attacker-controlled HTTP/1 servers to desynchronise response framing on shared connections. Mint's HTTP/1 Content-Length parser, Mint.HTTP1.Parse.content_length_header/1 in...

6.3 CVSS · 5.8 AI score · 0.00301 EPSS
Exploits 0 · References 4
Vulnrichment
added 2026/06/02 2:15 p.m. · 8 views

CVE-2026-49753 HTTP response smuggling in Mint HTTP/1 client via lenient Content-Length parsing

Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in elixir-mint Mint allows attacker-controlled HTTP/1 servers to desynchronise response framing on shared connections. Mint's HTTP/1 Content-Length parser, Mint.HTTP1.Parse.content_length_header/1 in...

6.3 CVSS · 5.8 AI score · 0.00301 EPSS
Exploits 0 · References 4
CVE
added 2026/06/02 2:15 p.m. · 22 views

CVE-2026-49753

Summary of the vulnerability: CVE-2026-49753 affects the Elixir Mint HTTP/1 client. The root cause is a lenient Content-Length parser in Mint.HTTP1.Parse.content_length_header/1, which accepts a leading + sign (e.g., +0, +123) despite RFC 7230 requiring unsigned digits only. When the same Mint c...

6.3 CVSS · 5.8 AI score · 0.00301 EPSS
Exploits 0 · References 4
OSV
added 2026/06/02 2:15 p.m. · 7 views

EEF-CVE-2026-49753 HTTP response smuggling in Mint HTTP/1 client via lenient Content-Length parsing

Summary: Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in elixir-mint Mint allows attacker-controlled HTTP/1 servers to desynchronise response framing on shared connections. Mint's HTTP/1 Content-Length parser, Mint.HTTP1.Parse.content_length_header/1 i...

6.3 CVSS · 5.8 AI score · 0.00301 EPSS
Exploits 0 · References 4
CNNVD
added 2026/06/02 12:0 a.m. · 5 views

Mint security vulnerability

Mint is a functional underlying HTTP client library developed by Elixir Mint. Versions of Mint from 0.1.0 to 1.9.0 contained security vulnerabilities. These vulnerabilities were due to inconsistent interpretation of HTTP requests, which could allow attackers to cause asynchronous response frames ...

6.3 CVSS · 5.4 AI score · 0.00301 EPSS
Exploits 0 · References 4
Positive Technologies
added 2026/06/02 12:0 a.m. · 14 views

PT-2026-45786

Summary: Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in elixir-mint Mint allows attacker-controlled HTTP/1 servers to desynchronise response framing on shared connections. Mint's HTTP/1 Content-Length parser, Mint.HTTP1.Parse.content_length_header/1...

6.3 CVSS · 5.8 AI score · 0.00301 EPSS
Exploits 0 · References 6
Hacker One
added 2026/04/05 10:42 a.m. · 24 views

curl: CVE-2026-5773: wrong reuse of SMB connection

A vulnerability was discovered in curl version 8.19.0 and earlier versions that support SMB. The vulnerability was due to the incorrect reuse of SMB connections across different shares on the same server. This led to data spoofing and access control bypass. The issue was caused by the lack of...

7.5 CVSS · 5.5 AI score · 0.00443 EPSS
Exploits 1
OSSF Malicious Packages
added 2025/02/03 4:41 p.m. · 4 views

Malicious code in @infoserver/gov-shared-connections (npm)

--- -= Per source details. Do not edit below this line.=-...

7 AI score
Exploits 0
OSV
added 2024/08/21 2:15 p.m. · 3 views

DEBIAN-CVE-2024-7885

A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the...

7.5 CVSS · 7.4 AI score · 0.02644 EPSS
Exploits 0 · References 1
CNNVD
added 2021/01/19 12:0 a.m. · 4 views

Apache Guacamole security vulnerability

Apache Guacamole is a clientless remote desktop gateway from the Apache USA Foundation. The product supports protocols such as VNC, RDP and SSH. An information disclosure vulnerability exists in Apache Guacamole 1.2.0 and earlier versions, which stems from the fact that if multiple users share...

4.3 CVSS · 6.7 AI score · 0.01245 EPSS
Exploits 0 · References 1
Positive Technologies
added 2021/01/19 12:0 a.m. · 2 views

PT-2021-9434 · Apache +1 · Apache Guacamole +1

Name of the Vulnerable Software and Affected Versions: Apache Guacamole versions 1.2.0 and earlier Description: The issue arises from inconsistent access restrictions to connection history based on user visibility. When multiple users share access to the same connection, they may be able to see...

4.3 CVSS · 4.9 AI score · 0.01245 EPSS
Exploits 0 · References 24