13 matches found
CVE-2026-9658
Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths. The header injection rule was ineffective at blocking header injections in the request paths unless they were double-encoded, for example, GET /path\r\nHTTP/1.1\r\nHost:...
CVE-2026-9658
Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths. The header injection rule was ineffective at blocking header injections in the request paths unless they were double-encoded, for example, GET /path\r\nHTTP/1.1\r\nHost:...
EUVD-2026-32892
Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths. The header injection rule was ineffective at blocking header injections in the request paths unless they were double-encoded, for example, GET /path\r\nHTTP/1.1\r\nHost:...
SUSE SLES15 / openSUSE 15 Security Update : python310 (SUSE-SU-2026:0613-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0613-1 advisory. - CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable...
CVE-2024-40642
The netty incubator codec.bhttp is a Java-language binary HTTP parser. In affected versions the BinaryHttpParser class does not properly validate input values, thus giving attackers almost complete control over the HTTP requests constructed from the parsed output. Attackers can abuse several issue...
CVE-2024-40642
The CVE-2024-40642 issue affects the Netty incubator codec.bhttp BinaryHttpParser in affected releases, where readRequestHead mis-validates input values. This grants attackers significant control over HTTP requests constructed from parsed output, enabling injection attacks such as HTTP request sm...
Absent Input Validation in BinaryHttpParser
Summary: BinaryHttpParser does not properly validate input values thus giving attackers almost complete control over the HTTP requests constructed from the parsed output. Attackers can abuse several issues individually to perform various injection attacks including HTTP request smuggling, desync...
Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty may affect IBM Robotic Process Automation and allow HTTP Header Injections (CVE-2022-34165)
Summary: There is a vulnerability in IBM WebSphere Application Server Liberty used by IBM Robotic Process Automation as part of OCR, Antivirus, and User Management Services which may allow HTTP header injection. This bulletin identifies the security fixes to apply to address this vulnerability...
Fedora 32 : python36 (2020-8bdd3fd7a4)
Python 3.6.11: Python 3.6.11 is the latest security fix release of Python 3.6. - bpo-39073: Disallow CR or LF in email.headerregistry.Address arguments to guard against header injection attacks. - bpo-38576: Disallow control characters in hostnames in http.client, addressing CVE-2019-18348. Such...
Security update for python (moderate)
openSUSE Security Update: Security update for python Announcement ID: openSUSE-SU-2019:2389-1 Rating: moderate References: 1130840 1149955 1153238 Cross-References: CVE-2019-16056 CVE-2019-16935 CVE-2019-9947 Affected Products: openSUSE Leap 15.0 An update that fixes three vulnerabilities is now...
Security update for python (moderate)
openSUSE Security Update: Security update for python Announcement ID: openSUSE-SU-2019:2393-1 Rating: moderate References: 1130840 1149955 1153238 Cross-References: CVE-2019-16056 CVE-2019-16935 CVE-2019-9947 Affected Products: openSUSE Leap 15.1 An update that fixes three vulnerabilities is now...
SUSE SLED15 / SLES15 Security Update : python (SUSE-SU-2019:2743-1)
This update for python fixes the following issues: Security issues fixed: CVE-2019-9947: Fixed an insufficient validation of URL paths with embedded whitespace or control characters that could allow HTTP header injections. bsc1130840 CVE-2019-16056: Fixed a parser issue in the email module...
SUSE-SU-2019:2743-1 Security update for python
This update for python fixes the following issues: Security issues fixed: - CVE-2019-9947: Fixed an insufficient validation of URL paths with embedded whitespace or control characters that could allow HTTP header injections. bsc1130840 - CVE-2019-16056: Fixed a parser issue in the email module...