925 matches found
CVE-2026-28898
swift-nio-http2's HTTP/2-to-HTTP/1.1 codec did not validate pseudo-header values for control characters before placing them into the translated HTTP/1.1 message. swift-nio-http2 1.44.1 adds validation of all pseudo-header values :path, :authority, :scheme, :method, and :status at both the HPACK...
EUVD-2026-39533
swift-nio-http2's HTTP/2-to-HTTP/1.1 codec did not validate pseudo-header values for control characters before placing them into the translated HTTP/1.1 message. swift-nio-http2 1.44.1 adds validation of all pseudo-header values :path, :authority, :scheme, :method, and :status at both the HPACK...
CVE-2026-28898
swift-nio-http2's HTTP/2-to-HTTP/1.1 codec did not validate pseudo-header values for control characters before placing them into the translated HTTP/1.1 message. swift-nio-http2 1.44.1 adds validation of all pseudo-header values :path, :authority, :scheme, :method, and :status at both the HPACK...
CVE-2026-28898
CVE-2026-28898 concerns swift-nio-http2, where the HTTP/2-to-HTTP/1.1 codec did not validate pseudo-header values for control characters before translating to HTTP/1.1. The issue is addressed in swift-nio-http2 1.44.1, which adds validation for all pseudo-header values (:path, :authority, :scheme...
CVE-2026-54326
Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi HTML exports render session Markdown into a static HTML file. It did not consistently reject unsafe Markdown link and image URL schemes. In versions with scheme filtering, C0 control characters in the URL scheme could bypass th...
Oracle Linux 9 : openssh (ELSA-2026-19219)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19219 advisory. - CVE-2026-3497: Fix information disclosure or denial of service due to uninitialized variables in gssapi-keyex Resolves: RHEL-155825 - CVE-2025-61984...
CVE-2026-11373
Net::Statsite::Client versions through 1.1.0 for Perl allow metric injections. Net::Statsite::Client is a client for the statsite protocol, which is a variant of statsd. Newlines are not removed from metric names, allowing metric injections. Values are not sanitised for newlines or other protocol...
EUVD-2026-38224
Net::Statsite::Client versions through 1.1.0 for Perl allow metric injections. Net::Statsite::Client is a client for the statsite protocol, which is a variant of statsd. Newlines are not removed from metric names, allowing metric injections. Values are not sanitised for newlines or other protocol...
PT-2026-51292
Name of the Vulnerable Software and Affected Versions Net::Statsite::Client versions prior to 1.1.1 Description Net::Statsite::Client, a client for the statsite protocol a variant of statsd, allows metric injections. This occurs because newlines are not removed from metric names, and values are n...
Astra Linux – Vulnerability in Python 3.11, Python 3.7
The poplib module, when a user-controlled command is passed to it, can have additional commands injected using newlines. Mitigation rejects commands that contain control characters...
Astra Linux – Vulnerability in Python 3.11, Python 3.7
The imaplib module, when a user-controlled command is passed to it, can have additional commands injected using newlines. Mitigation rejects commands that contain control characters...
Astra Linux – Vulnerability in sudo
Before version 1.9.13, Sudo did not escape control characters in log messages...
Astra Linux – Vulnerability in OpenSSH
In OpenSSH versions prior to 10.1, control characters in user names that originated from certain potentially untrusted sources could lead to code execution when ProxyCommand was used. The potentially untrusted sources include the command line and the %-sequence expansion from a configuration file...
Astra Linux – Vulnerability in Shadow
In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn change finger. Although it is not possible to exploit this directly for example, adding a new user fails because \n is in the block list, it is possible to misrepresent the /etc/passwd file...
netty-codec-http: Netty: Data manipulation via request-boundary confusion in HttpObjectDecoder
A flaw was found in Netty. The HttpObjectDecoder component, which processes incoming HTTP requests, incorrectly skips certain control characters and whitespace before reading the first request line. This behavior, which goes beyond standard HTTP protocol requirements, can lead to request-boundary...
HTTP Request Smuggling
Netty is vulnerable to HTTP Request Smuggling. The vulnerability is due to HttpObjectDecoder improperly ignoring non-CRLF control characters before the request line, which allows an attacker to create request-boundary confusion between front-end and back-end components and potentially smuggle...
EUVD-2026-36468
Netty: HttpObjectDecoder skips arbitrary initial control characters when only initial CRLF characters are permitted...
GHSA-HVCG-QMG6-JM4C Netty: HttpObjectDecoder skips arbitrary initial control characters when only initial CRLF characters are permitted
Summary Before reading the first request-line, HttpObjectDecoder skips every byte for which Character.isISOControlb is true 0x00–0x1F and 0x7F as well as all whitespace. RFC 9112 §2.2 only asks servers to ignore empty CRLF lines preceding the request-line — a carefully scoped robustness allowance...
Netty: HttpObjectDecoder skips arbitrary initial control characters when only initial CRLF characters are permitted
Summary Before reading the first request-line, HttpObjectDecoder skips every byte for which Character.isISOControlb is true 0x00–0x1F and 0x7F as well as all whitespace. RFC 9112 §2.2 only asks servers to ignore empty CRLF lines preceding the request-line — a carefully scoped robustness allowance...
CVE-2026-50020
A flaw was found in Netty. The HttpObjectDecoder component, which processes incoming HTTP requests, incorrectly skips certain control characters and whitespace before reading the first request line. This behavior, which goes beyond standard HTTP protocol requirements, can lead to request-boundary...