19 matches found
EUVD-2026-34012
Tesla vulnerable to multipart part smuggling via unescaped content-disposition values...
EUVD-2026-34015
Tesla has decompression bomb on response body...
EUVD-2026-34016
Tesla has CRLF injection in request Content-Type header via addcontenttypeparam...
Exploit for CVE-2026-48595
CVE-2026-48595 - elixir-tesla tesla Vulnerability Quick Us...
Exploit for CVE-2026-48595
CVE-2026-48595 - elixir-tesla tesla Vulnerability Quick Us...
CVE-2026-48598
Improper Encoding or Escaping of Output vulnerability in elixir-tesla tesla allows multipart part header injection via unescaped Content-Disposition parameter values. Tesla.Multipart.partheadersfordisposition/1 interpolates each disposition parameter as k="v" with no validation of CR \r, LF \n, o...
CVE-2026-48596
Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in elixir-tesla tesla allows HTTP header injection via Tesla.Multipart.addcontenttypeparam/2. Tesla.Multipart.addcontenttypeparam/2 appends caller-supplied strings to the multipart...
CVE-2026-48594
Improper Handling of Highly Compressed Data Data Amplification vulnerability in elixir-tesla tesla allows a denial of service via decompression bomb in HTTP response bodies. When Tesla.Middleware.DecompressResponse or Tesla.Middleware.Compression is included in a Tesla middleware pipeline, HTTP...
CVE-2026-48596 CRLF injection in Tesla.Multipart.add_content_type_param/2 allows HTTP header injection
Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in elixir-tesla tesla allows HTTP header injection via Tesla.Multipart.addcontenttypeparam/2. Tesla.Multipart.addcontenttypeparam/2 appends caller-supplied strings to the multipart...
CVE-2026-48596
Summary: CVE-2026-48596 affects the Elixir Tesla library (tesla) in its multipart handling. The vulnerability is in Tesla.Multipart.add_content_type_param/2, which appends caller-supplied strings to content_type_params without validating CR (\r) or LF (\n). Tesla.Multipart.headers/1 then joins th...
CVE-2026-48594
Improper Handling of Highly Compressed Data Data Amplification vulnerability in elixir-tesla tesla allows a denial of service via decompression bomb in HTTP response bodies. When Tesla.Middleware.DecompressResponse or Tesla.Middleware.Compression is included in a Tesla middleware pipeline, HTTP...
CVE-2026-48597
Allocation of Resources Without Limits or Throttling vulnerability in elixir-tesla tesla allows denial of service via atom table exhaustion in Tesla.Adapter.Mint. Tesla.Adapter.Mint.openconn/2 converts the URL scheme of every outgoing request to a BEAM atom via String.toatomuri.scheme with no...
CVE-2026-48598 CRLF injection in Tesla.Multipart disposition parameters allows multipart part header injection
Improper Encoding or Escaping of Output vulnerability in elixir-tesla tesla allows multipart part header injection via unescaped Content-Disposition parameter values. Tesla.Multipart.partheadersfordisposition/1 interpolates each disposition parameter as k="v" with no validation of CR \r, LF \n, o...
CVE-2026-48598 CRLF injection in Tesla.Multipart disposition parameters allows multipart part header injection
Improper Encoding or Escaping of Output vulnerability in elixir-tesla tesla allows multipart part header injection via unescaped Content-Disposition parameter values. Tesla.Multipart.partheadersfordisposition/1 interpolates each disposition parameter as k="v" with no validation of CR \r, LF \n, o...
CVE-2026-48598
The CVE-2026-48598 entry affects the Elixir Tesla library, specifically Tesla.Multipart.part_headers_for_disposition/1. The vulnerability arises from improper encoding of disposition parameters, treating each parameter as k="v" without sanitizing CR (\r), LF (\n), or double-quote characters. Mali...
CVE-2026-48598
Improper Encoding or Escaping of Output vulnerability in elixir-tesla tesla allows multipart part header injection via unescaped Content-Disposition parameter values. Tesla.Multipart.partheadersfordisposition/1 interpolates each disposition parameter as k="v" with no validation of CR \r, LF \n, o...
Tesla 安全漏洞
Tesla is an HTTP client software open-sourced by Elixir Tesla. Versions of Tesla from 0.6.0 to 1.18.3 contained security vulnerabilities. These vulnerabilities stemmed from the lack of restrictions on the size of decompressed data when processing highly compressed data, which could lead to...
PT-2026-45839
Name of the Vulnerable Software and Affected Versions tesla versions 0.8.0 through 1.18.2 Description Improper Neutralization of CRLF Sequences in HTTP Headers, also known as HTTP Request/Response Splitting, allows HTTP header injection. The function add content type param/2 within the...
PT-2026-45838
Name of the Vulnerable Software and Affected Versions tesla versions 1.4.0 through 1.18.2 Description Improper handling of case sensitivity in the Tesla.Middleware.FollowRedirects middleware allows credential leakage to third-party origins during cross-origin redirects. The system uses a...