CVE-2026-43974

A flaw was found in gun. A malicious HTTP server can exploit this vulnerability by sending an unsolicited '101 Switching Protocols' response to a gun client. This action forces the client into a raw protocol mode, allowing the server to flood the client with arbitrary data. This uncontrolled data...

CVE-2026-43974

Unexpected Status Code or Return Value vulnerability in ninenines gun gunhttp module allows a malicious HTTP server to force the client into raw protocol mode via an unsolicited 101 Switching Protocols response. In gunhttp:handleinform/8, when a 101 Switching Protocols response is received over...

CVE-2026-43973

Uncontrolled Resource Consumption vulnerability in ninenines gun gunhttp module allows a malicious server to exhaust client memory via unbounded HTTP/1.1 response buffering. In gunhttp:handle/5, three clauses accumulate incoming TCP data into the connection's buffer field using binary concatenati...

CVE-2026-43973

CVE-2026-43973 concerns the Erlang/Elixir library gun_http in the Gun framework. The vulnerability is an uncontrolled resource consumption: three code paths in gun_http:handle/5 accumulate TCP data into a connection buffer using binary concatenation with no upper bound. If a malicious server send...

CVE-2026-43973 gun HTTP/1.1 response buffer has no size limit allowing server-controlled memory exhaustion

Uncontrolled Resource Consumption vulnerability in ninenines gun gunhttp module allows a malicious server to exhaust client memory via unbounded HTTP/1.1 response buffering. In gunhttp:handle/5, three clauses accumulate incoming TCP data into the connection's buffer field using binary concatenati...

CVE-2026-43973 gun HTTP/1.1 response buffer has no size limit allowing server-controlled memory exhaustion

Uncontrolled Resource Consumption vulnerability in ninenines gun gunhttp module allows a malicious server to exhaust client memory via unbounded HTTP/1.1 response buffering. In gunhttp:handle/5, three clauses accumulate incoming TCP data into the connection's buffer field using binary concatenati...

CVE-2026-43972

CVE-2026-43972 (gun_http2) : In gun_http2:push_promise_frame/7, the incoming PUSH_PROMISE :authority header is stored without validating it against the connection origin. Later, gun_http2:headers_frame/9 uses this unvalidated value when calling gun_cookies:set_cookie_header/7, before status handl...

EUVD-2026-35073

Origin Validation Error vulnerability in ninenines gun gunhttp2 module allows cross-origin cookie injection via unvalidated HTTP/2 PUSHPROMISE authority. In gunhttp2:pushpromiseframe/7, the :authority pseudo-header from an incoming PUSHPROMISE frame is stored verbatim into the promised stream...

CVE-2026-43972 gun HTTP/2 PUSH_PROMISE authority not validated against connection origin allows cross-origin cookie injection

Origin Validation Error vulnerability in ninenines gun gunhttp2 module allows cross-origin cookie injection via unvalidated HTTP/2 PUSHPROMISE authority. In gunhttp2:pushpromiseframe/7, the :authority pseudo-header from an incoming PUSHPROMISE frame is stored verbatim into the promised stream...

EEF-CVE-2026-43972 gun HTTP/2 PUSH_PROMISE authority not validated against connection origin allows cross-origin cookie injection

Summary Origin Validation Error vulnerability in ninenines gun gunhttp2 module allows cross-origin cookie injection via unvalidated HTTP/2 PUSHPROMISE authority. In gunhttp2:pushpromiseframe/7, the :authority pseudo-header from an incoming PUSHPROMISE frame is stored verbatim into the promised...

EEF-CVE-2026-43974 gun HTTP/1.1 client accepts unsolicited 101 Switching Protocols response allowing server-driven protocol hijack and OOM

Summary Unexpected Status Code or Return Value vulnerability in ninenines gun gunhttp module allows a malicious HTTP server to force the client into raw protocol mode via an unsolicited 101 Switching Protocols response. In gunhttp:handleinform/8, when a 101 Switching Protocols response is receive...

CVE-2026-43974 gun HTTP/1.1 client accepts unsolicited 101 Switching Protocols response allowing server-driven protocol hijack and OOM

Unexpected Status Code or Return Value vulnerability in ninenines gun gunhttp module allows a malicious HTTP server to force the client into raw protocol mode via an unsolicited 101 Switching Protocols response. In gunhttp:handleinform/8, when a 101 Switching Protocols response is received over...

CVE-2026-43974

The CVE concerns the gun_http module of the Erlang-based Gun library (gun_http) in the Gun HTTP client. Affected versions: Gun 2.0.0 up to but not including 2.4.0. Root cause: when a 101 Switching Protocols response arrives over HTTP/1.1, Gun only validates the Upgrade header syntax and the strea...

Gun 安全漏洞

Gun is an open-source Erlang HTTP client developed by Nine Nines that supports HTTP/1.1, HTTP/2, and WebSocket. Versions of Gun from 2.0.0 to 2.4.0 contained security vulnerabilities. These vulnerabilities stemmed from unexpected status codes or return values in the gunhttp module, which could...

Gun 安全漏洞

Gun is an open-source Erlang HTTP client developed by Nine Nines, supporting HTTP/1.1, HTTP/2, and WebSocket. Versions of Gun from 1.0.0 to 2.4.0 contained security vulnerabilities. These vulnerabilities stemmed from uncontrolled resource consumption in the gunhttp module, which could allow...

PT-2026-47300

Name of the Vulnerable Software and Affected Versions gun versions 2.0.0 through 2.3.x Description An issue in the gun http module allows a malicious HTTP server to force a client into raw protocol mode by sending an unsolicited 101 Switching Protocols response. In the handle inform/8 function, t...

PT-2026-47299

Name of the Vulnerable Software and Affected Versions ninenines gun versions 1.0.0 through 2.3.x Description Uncontrolled Resource Consumption in the gun http module allows a malicious server to exhaust client memory through unbounded HTTP/1.1 response buffering. In the handle/5 function, three...

Gun 访问控制错误漏洞

Gun is an open-source Erlang HTTP client developed by Nine Nines that supports HTTP/1.1, HTTP/2, and WebSocket. In versions 2.0.0 to 2.4.0 of Gun, there was a access control vulnerability. This vulnerability stemmed from a source validation error in the gunhttp2 module, which could allow...

Malicious code in tea_gunfinal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e39061b5c4bd19ce1c4484339c02362e1c72a8e487bd6902d4403694902843e2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

bako5 (=1.1.4), tea_gun (>=1.1.2 <=1.1.3) potentially affected by unknown CVE via tea_gun (=1.1.4)

teagun NPM version =1.1.4 is affected by a known vulnerability. The following packages have a transitive dependency on teagun and may be impacted: - bako5 =1.1.4 - teagun =1.1.2, =1.1.3 Source cves: unknown CVE Source advisory: OSV:MAL-2025-181567...