11 matches found

IBM Security Bulletins
added 2025/10/22 10:32 a.m., 16 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in h11-0.14.0-py3-none-any.whl CVE-2025-43859

Summary: Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in h11-0.14.0-py3-none-any.whl CVE-2025-43859. Vulnerability Details: CVEID: CVE-2025-43859. DESCRIPTION: h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of...

CVSS 9.1 | AI score 7.5 | EPSS 0.00202
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/09/26 11:4 a.m., 6 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in h11-0.14.0-py3-none-any.whl

Summary: IBM watsonx Orchestrate Cartridge contains a vulnerable version of h11-0.14.0-py3-none-any.whl. Vulnerability Details: CVEID: CVE-2025-43859. DESCRIPTION: h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding...

CVSS 9.1 | AI score 6.6 | EPSS 0.00202
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/05/20 11:48 a.m., 6 views

Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies.

Summary: Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies. This bulletin contains information regarding the vulnerability...

CVSS 9.1 | AI score 6.5 | EPSS 0.00202
Exploits: 0 | Affected Software: 1

RedHat Linux
added 2025/05/14 1:5 a.m., 6 views

h11: h11 accepts some malformed Chunked-Encoding bodies

A flaw was found in h11. This vulnerability allows request smuggling via improper parsing of chunked-coding message bodies, where h11 fails to validate the required \r\n terminators...

CVSS 9.1 | AI score 5.7 | EPSS 0.00202
Exploits: 0 | References: 6

Ubuntu
added 2025/05/08 10:53 a.m., 13 views

USN-7503-1: h11 vulnerability

Jeppe Bonde Weikop discovered that h11 incorrectly handled crafted HTTP requests. A remote attacker could possibly use this issue to smuggle malicious HTTP requests, which could potentially lead to security control bypass and information leakage...

CVSS 9.1 | AI score 7.5 | EPSS 0.00202
Exploits: 0

Snyk
added 2025/04/24 6:46 p.m., 1 views

HTTP Request Smuggling

Overview: h11 is a pure-Python, bring-your-own-I/O implementation of HTTP/1.1. Affected versions of this package are vulnerable to HTTP Request Smuggling via the class ChunkedReader in the readers.py file, which performs the parsing of line terminators in chunked-coding message bodies. An attacker c...

CVSS 9.3 | AI score 7 | EPSS 0.00202
Exploits: 0 | References: 2

vulnersOsv
added 2025/04/24 6:46 p.m., 2 views

a7a1234 (=1.0.0), aas2openapi (>=0.2.0 <=0.2.4) +2561 more potentially affected by CVE-2025-43859 via h11 (>=0.10.0 <=0.15.0)

h11 PYPI version =0.10.0, =0.2.0, =0.2.1, =1.2.1, =0.7.3.post0, =0.1.0, =2.0.0.1, =0.0.1, =0.1.0, =0.8.3, =0.1.0, =4.8.2, =0.1.0, =0.1.1 - adminui =1.5.2 and more Source cves: CVE-2025-43859 Source advisory: SNYK:PYTHON-H11-10293728...

CVSS 9.1 | AI score 7.1 | EPSS 0.00202
Exploits: 0

Cvelist
added 2025/04/24 6:15 p.m., 74 views

CVE-2025-43859 h11 accepts some malformed Chunked-Encoding bodies

h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. This issue has been patched in version 0.16.0. Since exploitation requires...

CVSS 9.1 | EPSS 0.00202
Exploits: 0 | References: 2

Vulnrichment
added 2025/04/24 6:15 p.m., 12 views

CVE-2025-43859 h11 accepts some malformed Chunked-Encoding bodies

h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. This issue has been patched in version 0.16.0. Since exploitation requires...

CVSS 9.1 | AI score 9.4 | EPSS 0.00202
Exploits: 0 | References: 2

Debian CVE
added 2025/04/24 6:15 p.m., 4 views

CVE-2025-43859

h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. This issue has been patched in version 0.16.0. Since exploitation requires...

CVSS 9.1 | AI score 7.5 | EPSS 0.00202
Exploits: 0

vulnersOsv
added 2025/04/24 4:7 p.m., 1 views

a7a1234 (=1.0.0), aas2openapi (>=0.2.0 <=0.2.4) +2561 more potentially affected by CVE-2025-43859 via h11 (>=0.10.0 <=0.15.0)

h11 PYPI version =0.10.0, =0.2.0, =0.2.1, =1.2.1, =0.7.3.post0, =0.1.0, =2.0.0.1, =0.0.1, =0.1.0, =0.8.3, =0.1.0, =4.8.2, =0.1.0, =0.1.1 - adminui =1.5.2 and more Source cves: CVE-2025-43859 Source advisory: OSV:GHSA-VQFR-H8MV-GHFJ...

CVSS 9.1 | AI score 7.1 | EPSS 0.00202
Exploits: 0