3 matches found
CRLF Injection
Overview org.webjars.npm:h3 is a Minimal HTTP framework built for high performance and portability. Affected versions of this package are vulnerable to CRLF Injection via unsanitized carriage return characters in the data and comment fields of the EventStream class. An attacker can inject arbitra...
Use of Incorrectly-Resolved Name or Reference
Overview h3 is a Minimal HTTP framework built for high performance and portability. Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference via the mount method. An attacker can manipulate request context and set unintended privilege flags by crafting...
Directory Traversal
Overview org.webjars.npm:h3 is a Minimal HTTP framework built for high performance and portability. Affected versions of this package are vulnerable to Directory Traversal via the serveStatic utility. An attacker can access arbitrary files from backend storage by sending specially crafted request...