149 matches found
com.alejandrohdezma:http4s-munit-testcontainers_2.13 (=0.8.0), com.alejandrohdezma:http4s-munit_2.13 (=0.8.0) +54 more potentially affected by CVE-2021-41084 via org.http4s:http4s-client_2.13 (>=0.22.0 <=0.22.4)
org.http4s:http4s-client2.13 MAVEN version =0.22.0, =2.0.0, =0.12.0, =0.17.0, =0.12.0, =0.17.0, =0.12.0, =0.12.0, =0.17.0, =0.17.0, =0.12.0, =0.17.0-11-3359289, =0.17.0, =0.17.1 and more Source cves: CVE-2021-41084 Source advisory: OSV:GHSA-5VCM-3XC3-W7X3...
com.avast:sst-app-monix_3 (>=0.17.0 <=0.19.3), com.avast:sst-app-zio_3 (>=0.17.0 <=0.19.3) +23 more potentially affected by CVE-2021-41084 via org.http4s:http4s-server_3 (>=0.22.0 <=0.22.4)
org.http4s:http4s-server3 MAVEN version =0.22.0, =0.17.0, =0.17.0, =0.16.0, =0.17.0, =0.16.0, =0.17.0, =0.16.0, =0.16.0, =0.17.0, =0.17.0, =0.16.0, =0.16.0, =0.18.1, =0.22.0, =0.22.0, =0.22.15 and more Source cves: CVE-2021-41084 Source advisory: OSV:GHSA-5VCM-3XC3-W7X3...
com.akolov:doorman_2.13 (>=0.2.0 <=0.4.0), com.avast.grpc:grpc-json-bridge-http4s_2.13 (>=0.18.3 <=0.18.7) +120 more potentially affected by CVE-2021-41084 via org.http4s:http4s-server_2.13 (>=0.10.0-M10 <=0.21.28)
org.http4s:http4s-server2.13 MAVEN version =0.10.0-M10, =0.2.0, =0.18.3, =0.1.21, =0.1.21, =0.1.21, =0.1.21, =0.1.21, =0.1.21, =0.0.7, =0.0.7, =0.5-18-6fc7190, =0.0.38, =0.0.38, =0.0.38, =0.0.38, =0.0.42 and more Source cves: CVE-2021-41084 Source advisory: OSV:GHSA-5VCM-3XC3-W7X3...
io.github.jmcardon:tsec-http4s_2.13.0-M5 (>=0.1.0 <=0.1.0-M4), org.http4s:http4s-blaze-server_2.13.0-M5 (>=0.20.0 <=0.20.10) +3 more potentially affected by CVE-2021-41084 via org.http4s:http4s-server_2.13.0-M5 (>=0.20.0-RC1 <=0.20.9)
org.http4s:http4s-server2.13.0-M5 MAVEN version =0.20.0-RC1, =0.1.0, =0.20.0, =0.20.0, =0.20.0, =0.20.0, =0.20.10 Source cves: CVE-2021-41084 Source advisory: OSV:GHSA-5VCM-3XC3-W7X3...
ch.j3t:zio-prefetcher_2.13 (=0.8.0-RC6), co.topl:brambl-cli_2.13 (>=2.0.0-beta1 <=2.0.0-beta6) +149 more potentially affected by CVE-2021-41084 via org.http4s:http4s-server_2.13 (>=0.23.0 <=0.23.34)
org.http4s:http4s-server2.13 MAVEN version =0.23.0, =2.0.0-beta1, =0.5-2-4dad691, =0.0.1, =0.12.1, =0.2.0, =7.1.0, =0.1.0, =0.20.2, =1.1.1, =0.0.1, =1.2.2, =1.4.10 and more Source cves: CVE-2021-41084 Source advisory: OSV:GHSA-5VCM-3XC3-W7X3...
ba.sake:sharaf-http4s_3 (>=0.17.0 <=0.18.2), ba.sake:sharaf-https_3 (>=0.14.0 <=0.16.0) +189 more potentially affected by CVE-2021-41084 via org.http4s:http4s-server_3 (>=0.23.0 <=0.23.34)
org.http4s:http4s-server3 MAVEN version =0.23.0, =0.17.0, =0.14.0, =2.0.21, =2.0.21, =2.0.21, =0.2.0, =0.0.1, =0.1.0, =0.12.1, =7.1.0, =0.22.0, =0.1.0, =1.1.1, =3.1.2 and more Source cves: CVE-2021-41084 Source advisory: OSV:GHSA-5VCM-3XC3-W7X3...
Response Splitting from unsanitized headers
Impact: http4s is vulnerable to response-splitting or request-splitting attacks when untrusted user input is used to create any of the following fields: Header names Header.name, Header values Header.value, Status reason phrases Status.reason, URI paths Uri.Path, URI authority registered names...
com.47deg:embedded-cassandra-core_2.12 (=0.0.7), com.47deg:github4s_2.12 (>=0.22.0 <=0.28.5) +181 more potentially affected by CVE-2021-41084 via org.http4s:http4s-client_2.12 (>=0.10.0-M10 <=0.21.28)
org.http4s:http4s-client2.12 MAVEN version =0.10.0-M10, =0.22.0, =0.13.2, =0.2.6, =0.3.0, =0.2.0, =0.1.0, =0.1.4, =0.1.4, =0.1.4, =0.1.4, =0.1.11, =0.11.3 - com.azavea.geotrellis:geotrellis-server-stac-example2.12 =4.4.0 and more Source cves: CVE-2021-41084 Source advisory: OSV:GHSA-5VCM-3XC3-W7X...
com.avast.grpc:grpc-json-bridge-http4s_2.13 (>=0.18.8 <=0.19.0), com.avast:sst-app-monix_2.13 (>=0.17.0 <=0.19.3) +52 more potentially affected by CVE-2021-41084 via org.http4s:http4s-server_2.13 (>=0.22.0 <=0.22.4)
org.http4s:http4s-server2.13 MAVEN version =0.22.0, =0.18.8, =0.17.0, =0.17.0, =0.12.0, =0.17.0, =0.12.0, =0.17.0, =0.12.0, =0.12.0, =0.17.0, =0.17.0, =0.12.0, =0.12.0, =0.5-2-4dad691, =0.12.0, =0.16.1 and more Source cves: CVE-2021-41084 Source advisory: OSV:GHSA-5VCM-3XC3-W7X3...
com.avast:sst-bundle-monix-http4s-blaze_3 (>=0.16.0 <=0.19.3), com.avast:sst-bundle-monix-http4s-ember_3 (>=0.17.0 <=0.19.3) +18 more potentially affected by CVE-2021-41084 via org.http4s:http4s-client_3 (>=0.22.0 <=0.22.4)
org.http4s:http4s-client3 MAVEN version =0.22.0, =0.16.0, =0.17.0, =0.16.0, =0.17.0, =0.16.0, =0.16.0, =0.17.0, =0.17.0, =0.16.0, =4.0.3, =0.22.0, =0.22.0, =0.22.0, =0.22.15 and more Source cves: CVE-2021-41084 Source advisory: OSV:GHSA-5VCM-3XC3-W7X3...
com.alejandrohdezma:http4s-munit-testcontainers_2.12 (=0.8.0), com.alejandrohdezma:http4s-munit_2.12 (=0.8.0) +46 more potentially affected by CVE-2021-41084 via org.http4s:http4s-client_2.12 (>=0.22.0 <=0.22.4)
org.http4s:http4s-client2.12 MAVEN version =0.22.0, =0.12.0, =0.17.0, =0.12.0, =0.17.0, =0.12.0, =0.12.0, =0.17.0, =0.17.0, =0.12.0, =0.17.0-11-3359289, =0.12.0, =0.17.19 and more Source cves: CVE-2021-41084 Source advisory: OSV:GHSA-5VCM-3XC3-W7X3...
com.avast.grpc:grpc-json-bridge-http4s_2.12 (>=0.18.8 <=0.19.0), com.avast:sst-app-monix_2.12 (>=0.17.0 <=0.19.3) +44 more potentially affected by CVE-2021-41084 via org.http4s:http4s-server_2.12 (>=0.22.0 <=0.22.4)
org.http4s:http4s-server2.12 MAVEN version =0.22.0, =0.18.8, =0.17.0, =0.17.0, =0.12.0, =0.17.0, =0.12.0, =0.17.0, =0.12.0, =0.12.0, =0.17.0, =0.17.0, =0.12.0, =0.12.0, =0.12.0, =0.1.1, =5.0.0-PREVIEW.pvfixrelease.2025-12-09T1243.b669d29d and more Source cves: CVE-2021-41084 Source advisory:...
Response Splitting
http4s-client is vulnerable to response splitting. Creating the fields such as Header names Header.name, Header values Header.value, Status reason phrases Status.reason, URI paths Uri.Path, URI authority registered names URI.RegName allows an attacker to inject a malicious character such as...
CVE-2021-41084
http4s is an open source Scala interface for HTTP. In affected versions http4s is vulnerable to response-splitting or request-splitting attacks when untrusted user input is used to create any of the following fields: Header names Header.name, Header values Header.value, Status reason phrases...
CVE-2021-41084
http4s is an open source Scala interface for HTTP. In affected versions http4s is vulnerable to response-splitting or request-splitting attacks when untrusted user input is used to create any of the following fields: Header names Header.name, Header values Header.value, Status reason phrases...
Design/Logic Flaw
http4s is an open source Scala interface for HTTP. In affected versions http4s is vulnerable to response-splitting or request-splitting attacks when untrusted user input is used to create any of the following fields: Header names Header.name, Header values Header.value, Status reason phrases...
CVE-2021-41084 Response Splitting from unsanitized headers in http4s
http4s is an open source Scala interface for HTTP. In affected versions http4s is vulnerable to response-splitting or request-splitting attacks when untrusted user input is used to create any of the following fields: Header names Header.name, Header values Header.value, Status reason phrases...
CVE-2021-41084
The CVE-2021-41084 issue affects http4s, where untrusted input in header names, header values, status reason phrases, URI paths, or URI registered names can enable response-splitting or request-splitting attacks. The vulnerability spans affected http4s versions up to 0.21.x and is fixed in 0.21.3...
http4s injection vulnerability
http4s is an open source streaming HTTP server for Scala. http4s suffers from an injection vulnerability that arises from improper design or implementation during code development of a network system or product...
ch.j3t:zio-prefetcher_2.13 (=0.8.0-RC6), com.47deg:energy-monitor-persistence-app_2.13 (=0.2.0) +98 more potentially affected by CVE-2021-39185 via org.http4s:http4s-server_2.13 (>=0.23.0 <=0.23.19)
org.http4s:http4s-server2.13 MAVEN version =0.23.0, =0.0.1, =0.12.1, =0.2.0, =0.1.0, =0.20.2, =1.1.1, =0.0.1, =1.2.2, =1.2.2, =1.2.2, =1.4.10 and more Source cves: CVE-2021-39185 Source advisory: OSV:GHSA-52CF-226F-RHR6...