4 matches found
CVE-2025-57804 h2 allows HTTP Request Smuggling due to illegal characters in headers
h2 is a pure-Python implementation of an HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without...
CVE-2025-57804
CVE-2025-57804 affects the Python package h2 (HTTP/2 protocol stack). Prior to version 4.3.0, it allows HTTP/2 request splitting via CRLF injection in headers when servers downgrade HTTP/2 requests to HTTP/1.1 without validating header names/values. This can enable attackers to manipulate request...
PT-2024-33792
Name of the Vulnerable Software and Affected Versions: Wapro ERP Desktop versions prior to 9.00.0 Description: The issue affects Wapro ERP Desktop, where it is vulnerable to MS SQL protocol downgrade requests from the server side. This could lead to unencrypted communication, making it vulnerable...
Vulnerability of the OpenSSL software, which allows a malicious attacker to compromise protected information
The vulnerability in the ssl23_get_client_hello function of s23_srvr.c for OpenSSL allows a malicious actor to downgrade the TLS protocol version by fragmenting the ClientHello message during data exchange between the client and servers that support newer versions of the protocol...