191 matches found
CVE-2026-54287
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on AWS Lambda, the ALB single-header response and the VPC Lattice v2 response join multiple Set-Cookie headers into one comma-separated value. Because commas also appear inside cookie attribute...
CVE-2026-54287
Summary: Hono’s AWS Lambda adapter, in the ALB single-header mode and VPC Lattice v2, concatenates multiple Set-Cookie headers into a single comma-separated value, causing cookie attributes that include commas (e.g., Expires) to be misparsed or dropped. Affected components: Hono web framework; AW...
CVE-2026-54287
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on AWS Lambda, the ALB single-header response and the VPC Lattice v2 response join multiple Set-Cookie headers into one comma-separated value. Because commas also appear inside cookie attribute...
hono: AWS Lambda adapter merges multiple `Set-Cookie` headers into one value, dropping cookies on ALB single-header and Lattice
Summary On AWS Lambda, the ALB single-header response and the VPC Lattice v2 response join multiple Set-Cookie headers into one comma-separated value. Because commas also appear inside cookie attributes for example Expires dates, clients cannot split the value back into individual cookies and...
GHSA-J6C9-X7QJ-28XF hono: AWS Lambda adapter merges multiple `Set-Cookie` headers into one value, dropping cookies on ALB single-header and Lattice
Summary On AWS Lambda, the ALB single-header response and the VPC Lattice v2 response join multiple Set-Cookie headers into one comma-separated value. Because commas also appear inside cookie attributes for example Expires dates, clients cannot split the value back into individual cookies and...
Improper Encoding or Escaping of Output
Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in the AWS Lambda adapter's handling of multiple Set-Cookie headers. An attacker can cause clients to drop or misinterpret cookies by triggering...
PT-2026-49734
Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.12.25 Description On AWS Lambda, the ALB single-header response and the VPC Lattice v2 response join multiple Set-Cookie headers into a single comma-separated value. According to RFC 6265, each cookie must be its own...
USN-8398-3 nginx vulnerability
USN-8398-1 fixed a vulnerability in nginx. The update caused a regression and was temporarily reverted in USN-8398-2. This update introduces a complete fix for CVE-2026-49975. We apologize for the inconvenience. Original advisory details: It was discovered that nginx incorrectly handled certain...
USN-8398-3: nginx vulnerability
USN-8398-1 fixed a vulnerability in nginx. The update caused a regression and was temporarily reverted in USN-8398-2. This update introduces a complete fix for CVE-2026-49975. We apologize for the inconvenience. Original advisory details: It was discovered that nginx incorrectly handled certain...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : nginx vulnerability (USN-8398-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8398-1 advisory. It was discovered that nginx incorrectly handled certain cookie headers in the HTTP/2 implementation. A remote attacker could...
USN-8398-2: nginx regression
USN-8398-1 fixed a vulnerability in nginx. The update introduced a regression causing nginx to crash when being used with external modules. This update reverts the fix for CVE-2026-49975 pending further investigation. We apologize for the inconvenience. Original advisory details: It was discovere...
USN-8398-1 nginx vulnerability
It was discovered that nginx incorrectly handled certain cookie headers in the HTTP/2 implementation. A remote attacker could possibly use this issue to cause nginx to consume excessive resources, resulting in a denial of service...
USN-8398-1: nginx vulnerability
It was discovered that nginx incorrectly handled certain cookie headers in the HTTP/2 implementation. A remote attacker could possibly use this issue to cause nginx to consume excessive resources, resulting in a denial of service...
PT-2026-47594
It was discovered that nginx incorrectly handled certain cookie headers in the HTTP/2 implementation. A remote attacker could possibly use this issue to cause nginx to consume excessive resources, resulting in a denial of service...
DEBIAN-CVE-2026-45300
The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. Versions on the 2.x branch prior to 2.15.0 and the 3.x branch prior to 3.0.10 leak Cookie headers to cross-origin redirect targets. When following a redirect to a...
CVE-2026-45300
The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. Versions on the 2.x branch prior to 2.15.0 and the 3.x branch prior to 3.0.10 leak Cookie headers to cross-origin redirect targets. When following a redirect to a...
CVE-2026-45300
The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. Versions on the 2.x branch prior to 2.15.0 and the 3.x branch prior to 3.0.10 leak Cookie headers to cross-origin redirect targets. When following a redirect to a...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Apache HTTP Server vulnerability (USN-8384-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8384-1 advisory. It was discovered that Apache HTTP Server incorrectly handled certain cookie headers in the HTTP/2 implementation. A remote attack...
USN-8384-1 apache2 vulnerability
It was discovered that Apache HTTP Server incorrectly handled certain cookie headers in the HTTP/2 implementation. A remote attacker could possibly use this issue to cause Apache HTTP Server to consume excessive resources, resulting in a denial of service...
PT-2026-46876
It was discovered that Apache HTTP Server incorrectly handled certain cookie headers in the HTTP/2 implementation. A remote attacker could possibly use this issue to cause Apache HTTP Server to consume excessive resources, resulting in a denial of service...