
8 matches found

CNNVD
added 2026/05/13 12:0 a.m. | 4 views

Bandit Security Vulnerability

Bandit is a high-performance HTTP and WebSocket server developed by Mat Trudel. Versions of Bandit from 1.4.0 to 1.11.1 contained security vulnerabilities. These vulnerabilities stemmed from unlimited resource allocation, which could allow unauthenticated remote attackers to cause denial-of-servi...

CVSS 8.7 | AI score 5.8 | EPSS 0.01413
Exploits: 1 | References: 2

CNNVD
added 2026/05/13 12:0 a.m. | 4 views

Bandit Security Vulnerability

Bandit is a high-performance HTTP and WebSocket server developed by Mat Trudel. Versions of Bandit from 1.6.1 to 1.11.1 contained security vulnerabilities. These vulnerabilities were caused by infinite loops, which could allow unauthenticated remote attackers to exploit the system through...

CVSS 8.7 | AI score 5.8 | EPSS 0.01063
Exploits: 1 | References: 2

Github Security Blog
added 2026/05/07 3:52 a.m. | 5 views

Bandit HTTP/2 Frame Size Limit Bypass via Late Buffer Check Enables Memory Exhaustion

Summary: Bandit's HTTP/2 parser checks frame size after it has already buffered the full body, instead of when it sees the 9-byte header. A peer can announce a 16 MiB frame on a connection that agreed to 16 KiB frames and the server will silently buffer up to 1024× the agreed budget per connection...

CVSS 6.9 | AI score 5.9 | EPSS 0.00031
Exploits: 0 | References: 6 | Affected Software: 1

OSV
added 2026/05/07 3:52 a.m. | 0 views

GHSA-Q6V9-R226-V65F Bandit HTTP/2 Frame Size Limit Bypass via Late Buffer Check Enables Memory Exhaustion

Summary: Bandit's HTTP/2 parser checks frame size after it has already buffered the full body, instead of when it sees the 9-byte header. A peer can announce a 16 MiB frame on a connection that agreed to 16 KiB frames and the server will silently buffer up to 1024× the agreed budget per connection...

CVSS 6.9 | AI score 5.8 | EPSS 0.00031
Exploits: 0 | References: 6

CNNVD
added 2026/05/01 12:0 a.m. | 3 views

Bandit Security Vulnerability

Bandit is a high-performance HTTP and WebSocket server from the individual developer Mat Trudel. A security vulnerability exists in Bandit versions 0.5.9 through 1.11.0 and earlier, which stems from an unrestricted resource allocation when WebSocket permessage-deflate compression is enabled, whic...

CVSS 8.2 | AI score 5.8 | EPSS 0.00057
Exploits: 0 | References: 1

CNNVD
added 2026/05/01 12:0 a.m. | 4 views

Bandit Security Vulnerability

Bandit is a high-performance HTTP and WebSocket server from the individual developer Mat Trudel. A security vulnerability exists in Bandit version 1.0.0 through versions prior to 1.11.0, which stems from a reliance on untrustworthy input to make security decisions, and could lead to an...

CVSS 6.3 | AI score 5.8 | EPSS 0.00026
Exploits: 0 | References: 1

CNNVD
added 2026/05/01 12:0 a.m. | 4 views

Bandit Security Vulnerability

Bandit is a high-performance HTTP and WebSocket server from the individual developer Mat Trudel. A security vulnerability exists in Bandit version 0.3.6 through versions prior to 1.11.0, which stems from HTTP/2 frame deserialization that buffers the entire body of a frame before checking the size...

CVSS 6.9 | AI score 5.8 | EPSS 0.00031
Exploits: 0 | References: 1

CNNVD
added 2026/05/01 12:0 a.m. | 4 views

Bandit Environmental Issue Vulnerability

Bandit is a high-performance HTTP and WebSocket server from the individual developer Mat Trudel. An environmental issue vulnerability exists in Bandit versions prior to 1.11.0, which stems from inconsistent handling of duplicate Content-Length headers and could lead to HTTP request entrapment...

CVSS 6.3 | AI score 5.8 | EPSS 0.00031
Exploits: 0 | References: 1