CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2025/05/28 12:30 p.m.•4 views

GHSA-9FM9-HP7P-53MF Hackney fails to properly release HTTP connections to the pool

Hackney fails to properly release HTTP connections to the pool after handling 307 Temporary Redirect responses. Remote attackers can exploit this to exhaust connection pools, causing denial of service in applications using the library. Fix for this issue has been included in 1.24.0 release...

2.3CVSS7.2AI score0.00733EPSS

Exploits0References5

Github Security Blog•added 2025/05/28 12:30 p.m.•11 views

Hackney fails to properly release HTTP connections to the pool

2.3CVSS6.9AI score0.00733EPSS

Exploits0References5Affected Software1

NVD•added 2025/05/28 12:15 p.m.•19 views

CVE-2025-3864

2.3CVSS0.00733EPSS

ATTACKERKB•added 2025/05/28 12:15 p.m.•3 views

CVE-2025-3864

2.3CVSS5.8AI score0.00733EPSS

Cvelist•added 2025/05/28 11:19 a.m.•23 views

CVE-2025-3864 Connection pool exhaustion in hackney

2.3CVSS0.00733EPSS

CVE•added 2025/05/28 11:19 a.m.•46 views

CVE-2025-3864

Hackney contains a vulnerability where it fails to properly release HTTP connections back to the pool after handling 307 Temporary Redirect responses, which can exhaust connection pools and cause denial of service in applications using the library. The issue is tied to CVE-2025-3864. A fix is inc...

2.3CVSS6.7AI score0.00733EPSS

Vulnrichment•added 2025/05/28 11:19 a.m.•9 views

CVE-2025-3864 Connection pool exhaustion in hackney

2.3CVSS7AI score0.00733EPSS

CNNVD•added 2025/05/28 12:0 a.m.•3 views

Hackney 安全漏洞

Hackney is a program library from Hackney, Inc. A security vulnerability exists in Hackney that originates from not properly releasing an HTTP connection after processing a 307 redirect response, which could result in a denial of service...

2.3CVSS6.5AI score0.00733EPSS

Positive Technologies•added 2025/05/28 12:0 a.m.•4 views

PT-2025-23077

Name of the Vulnerable Software and Affected Versions Hackney versions prior to 1.24.0 Description The issue arises from Hackney's failure to properly release HTTP connections to the pool after handling 307 Temporary Redirect responses. This allows remote attackers to exhaust connection pools,...

2.3CVSS5.9AI score0.00733EPSS

Exploits0References11

OSV•added 2025/02/11 6:30 a.m.•6 views

GHSA-VQ52-99R9-H5PW Server-side Request Forgery (SSRF) in hackney

Versions of the package hackney from 0.0.0 are vulnerable to Server-side Request Forgery SSRF due to improper parsing of URLs by URI built-in module and hackey. Given the URL http://[email protected]/, the URI function will parse and see the host as 127.0.0.1 which is correct, and hackney will...

Github Security Blog•added 2025/02/11 6:30 a.m.•8 views

Exploits0References7

Server-side Request Forgery (SSRF) in hackney

Exploits0References7Affected Software1

NVD•added 2025/02/11 5:15 a.m.•4 views

CVE-2025-1211

Versions of the package hackney before 1.21.0 are vulnerable to Server-side Request Forgery SSRF due to improper parsing of URLs by URI built-in module and hackey. Given the URL http://[email protected]/, the URI function will parse and see the host as 127.0.0.1 which is correct, and hackney...

6.5CVSS0.0048EPSS

OSV•added 2025/02/11 5:15 a.m.•4 views

CVE-2025-1211

6.3CVSS6.8AI score

Vulnrichment•added 2025/02/11 5:0 a.m.•7 views

CVE-2025-1211

Cvelist•added 2025/02/11 5:0 a.m.•12 views

CVE-2025-1211

6.5CVSS0.0048EPSS

CVE•added 2025/02/11 5:0 a.m.•60 views

CVE-2025-1211

CVE-2025-1211 affects hackney releases before 1.21.0. The root cause is improper URL parsing by the URI module and hackey, leading to SSRF when a URL like http://[email protected]/ is parsed so that the host differs between the parsing function and hackney. This can enable an attacker to misro...