97 matches found
CVE-2026-39806
Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in mtrudel bandit allows unauthenticated remote denial of service via worker process exhaustion. 'Elixir.Bandit.HTTP1.Socket':doreadchunkeddata!/5 in lib/bandit/http1/socket.ex terminates only when the last-chunk line 0\r\n is...
CVE-2026-39803
Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion. The chunked clause of 'Elixir.Bandit.HTTP1.Socket':readdata/2 in lib/bandit/http1/socket.ex ignores the caller-supplied :length option when...
Quality and Security Signals in AI-Generated Python Refactoring Pull Requests
As AI agents increasingly contribute to code development and maintenance, there is still limited empirical evidence on the quality and risk characteristics of their changes in real-world projects, particularly for refactoring-oriented contributions. It remains unclear how agent-authored refactori...
EUVD-2026-29951
Bandit: Unauthenticated DoS via chunked request trailers in Bandit HTTP/1 decoder...
Bandit: Unauthenticated DoS via chunked request trailers in Bandit HTTP/1 decoder
Summary A worker-pinning denial of service in Bandit's HTTP/1 chunked transfer decoder. Any unauthenticated client that sends a Transfer-Encoding: chunked request whose body ends with a trailer field RFC 9112 §7.1.2 explicitly permits this causes the connection's worker process to spin forever in...
GHSA-RF5Q-VWXW-GMRF Bandit: Unauthenticated DoS via chunked request trailers in Bandit HTTP/1 decoder
Summary A worker-pinning denial of service in Bandit's HTTP/1 chunked transfer decoder. Any unauthenticated client that sends a Transfer-Encoding: chunked request whose body ends with a trailer field RFC 9112 §7.1.2 explicitly permits this causes the connection's worker process to spin forever in...
GHSA-9Q9Q-324X-93R2 Bandit: Unauthenticated one-shot DoS via `Transfer-Encoding: chunked`
Summary Bandit's HTTP/1 chunked-body reader silently drops the request size cap that the application configures e.g. Plug.Parsers' default 8 MB length: and buffers the entire body in memory before the application sees it. An unauthenticated attacker can crash any Bandit-fronted Phoenix/Plug app...
Bandit: Unauthenticated one-shot DoS via `Transfer-Encoding: chunked`
Summary Bandit's HTTP/1 chunked-body reader silently drops the request size cap that the application configures e.g. Plug.Parsers' default 8 MB length: and buffers the entire body in memory before the application sees it. An unauthenticated attacker can crash any Bandit-fronted Phoenix/Plug app...
EUVD-2026-29950
Bandit: Unauthenticated one-shot DoS via Transfer-Encoding: chunked...
CVE-2026-42786
A flaw was found in bandit. A remote, unauthenticated attacker can exploit an Allocation of Resources Without Limits or Throttling vulnerability in the fragment reassembly path of the WebSocket connection handling. This allows the attacker to send an unbounded number of continuation frames, leadi...
CVE-2026-39805
A flaw was found in Bandit, an HTTP server. This vulnerability allows for HTTP request smuggling due to the server's inconsistent handling of duplicate Content-Length headers in HTTP requests. An unauthenticated attacker can exploit this by sending a specially crafted request. If Bandit is...
CVE-2026-39804
A flaw was found in bandit. An unauthenticated attacker who can open a WebSocket connection can exploit a vulnerability when WebSocket permessage-deflate compression is enabled. This flaw allows for memory exhaustion by sending a highly compressed frame that, when decompressed, forces large memor...
CVE-2026-39806
Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in mtrudel bandit allows unauthenticated remote denial of service via worker process exhaustion. 'Elixir.Bandit.HTTP1.Socket':doreadchunkeddata!/5 in lib/bandit/http1/socket.ex terminates only when the last-chunk line 0\r\n is...
CVE-2026-39803
Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion. The chunked clause of 'Elixir.Bandit.HTTP1.Socket':readdata/2 in lib/bandit/http1/socket.ex ignores the caller-supplied :length option when...
CVE-2026-39806
The CVE-2026-39806 issue affects Bandit (Elixir.Bandit.HTTP1.Socket) where do_read_chunked_data!/5 loops indefinitely when a chunked request includes trailer fields. The root cause is that RFC 9112 §7.1.2 allows trailers after the 0-length chunk, but the code exits only when the next line is imme...
CVE-2026-39806 HTTP/1 chunked decoder infinite loop on requests with trailer fields in bandit
Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in mtrudel bandit allows unauthenticated remote denial of service via worker process exhaustion. 'Elixir.Bandit.HTTP1.Socket':doreadchunkeddata!/5 in lib/bandit/http1/socket.ex terminates only when the last-chunk line 0\r\n is...
CVE-2026-39806
Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in mtrudel bandit allows unauthenticated remote denial of service via worker process exhaustion. 'Elixir.Bandit.HTTP1.Socket':doreadchunkeddata!/5 in lib/bandit/http1/socket.ex terminates only when the last-chunk line 0\r\n is...
CVE-2026-39806 HTTP/1 chunked decoder infinite loop on requests with trailer fields in bandit
Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in mtrudel bandit allows unauthenticated remote denial of service via worker process exhaustion. 'Elixir.Bandit.HTTP1.Socket':doreadchunkeddata!/5 in lib/bandit/http1/socket.ex terminates only when the last-chunk line 0\r\n is...
EEF-CVE-2026-39806 HTTP/1 chunked decoder infinite loop on requests with trailer fields in bandit
Summary Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in mtrudel bandit allows unauthenticated remote denial of service via worker process exhaustion. 'Elixir.Bandit.HTTP1.Socket':doreadchunkeddata!/5 in lib/bandit/http1/socket.ex terminates only when the last-chunk line 0\r\...
CVE-2026-39803 HTTP/1 chunked body reader ignores length cap in bandit
Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion. The chunked clause of 'Elixir.Bandit.HTTP1.Socket':readdata/2 in lib/bandit/http1/socket.ex ignores the caller-supplied :length option when...