Lucene search
K

4 matches found

OSV
OSV
added 2026/06/17 6:18 p.m.4 views

DEBIAN-CVE-2026-6733

Impact: Undici's HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets. An attacker-controlled upstream server can inject an unsolicited HTTP/1.1 response onto an idle socket after a request completes. When the client dispatches the next request on that socket, it...

3.7CVSS5.3AI score0.00228EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.15 views

PT-2026-50512

Name of the Vulnerable Software and Affected Versions undici versions prior to 6.26.0 undici versions prior to 7.28.0 undici versions prior to 8.5.0 Description The HTTP/1.1 client is subject to response queue poisoning when keep-alive sockets are reused. An attacker-controlled upstream server ca...

3.7CVSS5.3AI score0.00228EPSS
Exploits0References119
OSV
OSV
added 2026/06/15 8:11 p.m.4 views

GHSA-4M7W-QMGQ-4WJ5 aiohttp: TLS Server Hostname Override Is Ignored When Reusing HTTPS Connections

Summary The serverhostname TLS SNI check can be bypassed when an existing connection is reused. Impact If an application makes multiple requests to the same domain, but with different per-request serverhostname parameters, then the later calls may succeed by reusing the existing connection when...

6.9CVSS5.4AI score0.00266EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.8 views

PT-2026-49589

Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.14.1 Description The server hostname TLS SNI Server Name Indication check can be bypassed when an existing connection is reused. If an application makes multiple requests to the same domain using different per-reque...

6.9CVSS5.8AI score0.00266EPSS
Exploits0References4
Rows per page
Query Builder