10 matches found
Security update for python-h2 (moderate)
openSUSE security update: security update for python-h2 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20122-1 Rating: moderate References: bsc1248737 Cross-References: CVE-2025-57804 CVSS scores: CVE-2025-57804 SUSE : 5.3...
SUSE-SU-2026:20187-1 Security update for python-h2
This update for python-h2 fixes the following issues: - CVE-2025-57804: Fixed HTTP Request Smuggling due to illegal characters in headers bsc1248737...
Security update for python-h2
This update for python-h2 fixes the following issues: CVE-2025-57804: Fixed HTTP Request Smuggling due to illegal characters in headers bsc1248737 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively...
Medium: python-h2
Issue Overview: h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to...
openSUSE Security Advisory (SUSE-SU-2025:03199-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security update for python-h2
This update for python-h2 fixes the following issues: CVE-2025-57804: Fixed HTTP Request Smuggling due to illegal characters in headers bsc1248737 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively...
CVE-2025-57804
A vulnerability was found in python-hyper/h2 that contains an input validation flaw that allows carriage return and line feed CRLF characters to be injected into HTTP/2 header fields. When requests are downgraded from HTTP/2 to HTTP/1.1, the library fails to enforce proper header validation, whic...
CVE-2025-57804
h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without...
CVE-2025-57804
h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without...
aapns (>=19.11.0 <=23.7.0), abq (>=0.1.0 <=0.1.4) +372 more potentially affected by CVE-2025-57804 via h2 (>=2.4.4 <=4.2.0)
h2 PYPI version =2.4.4, =19.11.0, =0.1.0, =0.0.1, =0.0.1, =0.4.0, =0.4.0, =2.1.0, =0.1.0, =2.0.0, =20.3.0rc1, =0.2.1, =0.3.2, =0.3.6, =0.3.8 and more Source cves: CVE-2025-57804 Source advisory: OSV:GHSA-847F-9342-265H...