18 matches found
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in h11-0.14.0-py3-none-any.whl CVE-2025-43859
Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in h11-0.14.0-py3-none-any.whl CVE-2025-43859 Vulnerability Details CVEID:CVE-2025-43859 DESCRIPTION: h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in h11-0.14.0-py3-none-any.whl
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of h11-0.14.0-py3-none-any.whl Vulnerability Details CVEID:CVE-2025-43859 DESCRIPTION: h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding...
Fedora 43 : python-h11 / python-httpcore (2025-5d6c60c63a)
The remote Fedora 43 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-5d6c60c63a advisory. Update python-h11 to version 0.16.0 to resolve CVE-2025-43859. This also requires updating python-httpcore to version 1.0.9 to raise its upper dependency...
Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies.
Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies. This bulletin contains information regarding the vulnerability...
h11: h11 accepts some malformed Chunked-Encoding bodies
A flaw was found in h11. This vulnerability allows request smuggling via improper parsing of chunked-coding message bodies, where h11 fails to validate the required \r\n terminators...
Fedora 40 : python-h11 (2025-bd59b39ab6)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-bd59b39ab6 advisory. Backport upstream fix for CVE-2025-43859. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...
Fedora 41 : python-h11 (2025-2fd25cfb83)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-2fd25cfb83 advisory. Backport upstream fix for CVE-2025-43859. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...
USN-7503-1: h11 vulnerability
Jeppe Bonde Weikop discovered that h11 incorrectly handled crafted HTTP requests. A remote attacker could possibly use this issue to smuggle malicious HTTP requests, which could potentially lead to security control bypass and information leakage...
CVE-2025-43859
A flaw was found in h11. This vulnerability allows request smuggling via improper parsing of chunked-coding message bodies, where h11 fails to validate the required \r\n terminators. Mitigation Ensuring any applications using h11 are behind a correctly configured reverse proxy will prevent...
a7a1234 (=1.0.0), aas2openapi (>=0.2.0 <=0.2.4) +2554 more potentially affected by CVE-2025-43859 via h11 (>=0.10.0 <=0.15.0)
h11 PYPI version =0.10.0, =0.2.0, =0.2.1, =1.2.1, =0.7.3.post0, =0.1.0, =2.0.0.1, =0.0.1, =0.1.0, =0.8.3, =0.1.0, =4.8.2, =0.1.0, =0.1.1 - adminui =1.5.2 and more Source cves: CVE-2025-43859 Source advisory: SNYK:PYTHON-H11-10293728...
HTTP Request Smuggling
Overview h11 is a pure-Python, bring-your-own-I/O implementation of HTTP/1.1. Affected versions of this package are vulnerable to HTTP Request Smuggling via the class ChunkedReader in readers.py file, which performs the parsing of line terminators in chunked-coding message bodies. An attacker c...
CVE-2025-43859
The CVE relates to the Python HTTP/1.1 implementation h11 (prior to 0.16.0). A leniency in parsing line terminators in chunked-coding message bodies can enable a request-smuggling vulnerability under certain conditions. The issue is mitigated by upgrading to v0.16.0 or by fixing either h11 or a b...
CVE-2025-43859 h11 accepts some malformed Chunked-Encoding bodies
h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. This issue has been patched in version 0.16.0. Since exploitation requires...
CVE-2025-43859
h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. This issue has been patched in version 0.16.0. Since exploitation requires...
CVE-2025-43859 h11 accepts some malformed Chunked-Encoding bodies
h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. This issue has been patched in version 0.16.0. Since exploitation requires...
a7a1234 (=1.0.0), aas2openapi (>=0.2.0 <=0.2.4) +2554 more potentially affected by CVE-2025-43859 via h11 (>=0.10.0 <=0.15.0)
h11 PYPI version =0.10.0, =0.2.0, =0.2.1, =1.2.1, =0.7.3.post0, =0.1.0, =2.0.0.1, =0.0.1, =0.1.0, =0.8.3, =0.1.0, =4.8.2, =0.1.0, =0.1.1 - adminui =1.5.2 and more Source cves: CVE-2025-43859 Source advisory: OSV:GHSA-VQFR-H8MV-GHFJ...
GHSA-VQFR-H8MV-GHFJ h11 accepts some malformed Chunked-Encoding bodies
Impact A leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. Details HTTP/1.1 Chunked-Encoding bodies are formatted as a sequence of "chunks", each of which consists of: - chunk length - \r\n - leng...
h11 accepts some malformed Chunked-Encoding bodies
h11 reports: h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. This issue has been patched in version 0.16.0. Since...