
18 matches found

IBM Security Bulletins
added 2025/10/22 10:32 a.m. | 29 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in h11-0.14.0-py3-none-any.whl CVE-2025-43859

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in h11-0.14.0-py3-none-any.whl CVE-2025-43859 Vulnerability Details CVEID:CVE-2025-43859 DESCRIPTION: h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of...

CVSS 9.1 | AI score 7.5 | EPSS 0.00522
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/09/26 11:4 a.m. | 15 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in h11-0.14.0-py3-none-any.whl

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of h11-0.14.0-py3-none-any.whl Vulnerability Details CVEID:CVE-2025-43859 DESCRIPTION: h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding...

CVSS 9.1 | AI score 6.6 | EPSS 0.00522
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2025/06/11 12:0 a.m. | 4 views

Fedora 43 : python-h11 / python-httpcore (2025-5d6c60c63a)

The remote Fedora 43 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-5d6c60c63a advisory. Update python-h11 to version 0.16.0 to resolve CVE-2025-43859. This also requires updating python-httpcore to version 1.0.9 to raise its upper dependency...

CVSS 9.1 | AI score 7.5 | EPSS 0.00522
Exploits: 0 | References: 2

IBM Security Bulletins
added 2025/05/20 11:48 a.m. | 6 views

Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies.

Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies. This bulletin contains information regarding the vulnerability...

CVSS 9.1 | AI score 6.5 | EPSS 0.00522
Exploits: 0 | Affected Software: 1

RedHat Linux
added 2025/05/14 1:5 a.m. | 19 views

h11: h11 accepts some malformed Chunked-Encoding bodies

A flaw was found in the h11. This vulnerability allows request smuggling via improper parsing of chunked-coding message bodies, where h11 fails to validate the required \r\n terminators...

CVSS 9.1 | AI score 5.7 | EPSS 0.00522
Exploits: 0 | References: 6

Tenable Nessus
added 2025/05/11 12:0 a.m. | 6 views

Fedora 40 : python-h11 (2025-bd59b39ab6)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-bd59b39ab6 advisory. Backport upstream fix for CVE-2025-43859. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

CVSS 9.1 | AI score 7.5 | EPSS 0.00522
Exploits: 0 | References: 2

Tenable Nessus
added 2025/05/11 12:0 a.m. | 9 views

Fedora 41 : python-h11 (2025-2fd25cfb83)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-2fd25cfb83 advisory. Backport upstream fix for CVE-2025-43859. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

CVSS 9.1 | AI score 7.5 | EPSS 0.00522
Exploits: 0 | References: 2

Ubuntu
added 2025/05/08 10:53 a.m. | 16 views

USN-7503-1: h11 vulnerability

Jeppe Bonde Weikop discovered that h11 incorrectly handled crafted HTTP requests. A remote attacker could possibly use this issue to smuggle malicious HTTP requests, which could potentially lead to security control bypass and information leakage...

CVSS 9.1 | AI score 7.5 | EPSS 0.00522
Exploits: 0

RedhatCVE
added 2025/04/26 6:21 p.m. | 15 views

CVE-2025-43859

A flaw was found in the h11. This vulnerability allows request smuggling via improper parsing of chunked-coding message bodies, where h11 fails to validate the required \r\n terminators. Mitigation Ensuring any applications using h11 are behind a correctly configured reverse proxy will prevent...

CVSS 7.4 | AI score 8.9 | EPSS 0.00522
Exploits: 0 | References: 5

vulnersOsv
added 2025/04/24 6:46 p.m. | 8 views

a7a1234 (=1.0.0), aas2openapi (>=0.2.0 <=0.2.4) +2554 more potentially affected by CVE-2025-43859 via h11 (>=0.10.0 <=0.15.0)

h11 PYPI version =0.10.0, =0.2.0, =0.2.1, =1.2.1, =0.7.3.post0, =0.1.0, =2.0.0.1, =0.0.1, =0.1.0, =0.8.3, =0.1.0, =4.8.2, =0.1.0, =0.1.1 - adminui =1.5.2 and more Source cves: CVE-2025-43859 Source advisory: SNYK:PYTHON-H11-10293728...

CVSS 9.1 | AI score 7.1 | EPSS 0.00522
Exploits: 0

Snyk
added 2025/04/24 6:46 p.m. | 2 views

HTTP Request Smuggling

Overview h11 is a pure-Python, bring-your-own-I/O implementation of HTTP/1.1. Affected versions of this package are vulnerable to HTTP Request Smuggling via the class ChunkedReader in readers.py file, which performs the parsing of line terminators in chunked-coding message bodies. An attacker c...

CVSS 9.3 | AI score 7 | EPSS 0.00522
Exploits: 0 | References: 2

CVE
added 2025/04/24 6:15 p.m. | 411 views

CVE-2025-43859

The CVE relates to the Python HTTP/1.1 implementation h11 (prior to 0.16.0). A leniency in parsing line terminators in chunked-coding message bodies can enable a request-smuggling vulnerability under certain conditions. The issue is mitigated by upgrading to v0.16.0 or by fixing either h11 or a b...

CVSS 9.1 | AI score 9.4 | EPSS 0.00522
Exploits: 0 | References: 2

Vulnrichment
added 2025/04/24 6:15 p.m. | 12 views

CVE-2025-43859 h11 accepts some malformed Chunked-Encoding bodies

h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. This issue has been patched in version 0.16.0. Since exploitation requires...

CVSS 9.1 | AI score 9.4 | EPSS 0.00522
Exploits: 0 | References: 2

Debian CVE
added 2025/04/24 6:15 p.m. | 4 views

CVE-2025-43859

h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. This issue has been patched in version 0.16.0. Since exploitation requires...

CVSS 9.1 | AI score 7.5 | EPSS 0.00522
Exploits: 0

Cvelist
added 2025/04/24 6:15 p.m. | 77 views

CVE-2025-43859 h11 accepts some malformed Chunked-Encoding bodies

h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. This issue has been patched in version 0.16.0. Since exploitation requires...

CVSS 9.1 | EPSS 0.00522
Exploits: 0 | References: 2

vulnersOsv
added 2025/04/24 4:7 p.m. | 6 views

a7a1234 (=1.0.0), aas2openapi (>=0.2.0 <=0.2.4) +2554 more potentially affected by CVE-2025-43859 via h11 (>=0.10.0 <=0.15.0)

h11 PYPI version =0.10.0, =0.2.0, =0.2.1, =1.2.1, =0.7.3.post0, =0.1.0, =2.0.0.1, =0.0.1, =0.1.0, =0.8.3, =0.1.0, =4.8.2, =0.1.0, =0.1.1 - adminui =1.5.2 and more Source cves: CVE-2025-43859 Source advisory: OSV:GHSA-VQFR-H8MV-GHFJ...

CVSS 9.1 | AI score 7.1 | EPSS 0.00522
Exploits: 0

OSV
added 2025/04/24 4:7 p.m. | 4 views

GHSA-VQFR-H8MV-GHFJ h11 accepts some malformed Chunked-Encoding bodies

Impact A leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. Details HTTP/1.1 Chunked-Encoding bodies are formatted as a sequence of "chunks", each of which consists of: - chunk length - \r\n - leng...

CVSS 9.1 | AI score 6.8 | EPSS 0.00522
Exploits: 0 | References: 4

FreeBSD
added 2025/04/24 12:0 a.m. | 6 views

h11 accepts some malformed Chunked-Encoding bodies

h11 reports: h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. This issue has been patched in version 0.16.0. Since...

CVSS 9.1 | AI score 9.5 | EPSS 0.00522
Exploits: 0 | References: 1