
12 matches found

Snyk
added last week, 5 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the getclientip process when the server is configured with trusted proxies and receives a specially crafted X-Forwarded-For header that parses to no valid IP segments. An attacker can cause abnormal process...

8.7 CVSS, 5.8 AI score, 0.00061 EPSS
Exploits: 1, References: 2
OSV
added 2026/03/31 10:16 p.m., 1 view

DEBIAN-CVE-2026-34441

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.40.0, cpp-httplib is vulnerable to HTTP Request Smuggling. The server's static file handler serves GET responses without consuming the request body. On HTTP/1.1 keep-alive connections, the unread...

6.5 CVSS, 5.7 AI score, 0.00062 EPSS
Exploits: 1, References: 1
OSV
added 2026/03/26 12:00 a.m., 0 views

OPENSUSE-SU-2026:10435-1 cpp-httplib-devel-0.38.0-1.1 on GA media

These are all security issues fixed in the cpp-httplib-devel-0.38.0-1.1 package on the GA media of openSUSE Tumbleweed...

8.7 CVSS, 5.9 AI score, 0.00183 EPSS
Exploits: 6, References: 6
CVE
added 2026/03/13 8:48 p.m., 10 views

CVE-2026-32627

cpp-httplib before 0.37.2 is vulnerable when using a proxy and set_follow_location(true): HTTPS redirects can bypass TLS certificate and hostname verification on the redirected connection, allowing a network attacker to intercept credentials or tokens. The issue is fixed in 0.37.2.

8.7 CVSS, 5.6 AI score, 0.00035 EPSS
Exploits: 1, References: 1, Affected Software: 1
SUSE CVE
added 2026/03/05 1:55 p.m., 2 views

SUSE CVE-2026-28434

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, when a request handler throws a C++ exception and the application has not registered a custom exception handler via set_exception_handler, the library catches the exception and writes its message...

5.3 CVSS, 5.6 AI score, 0.00076 EPSS
Exploits: 1, References: 4
OSV
added 2025/07/04 2:42 p.m., 2 views

OESA-2025-1721 cpp-httplib security update

A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include httplib.h file in your code! Security Fixes: cpp-httplib is an HTTP/HTTPS server and client library written in C++ by individual developers of yhirose. cpp-httplib version 0.21.0 has a...

7.5 CVSS, 6.8 AI score, 0.00542 EPSS
Exploits: 1, References: 2
Veracode
added 2019/05/02 5:46 a.m., 29 views

CRLF Injection

httplib library used by urllib, urllib2 and others in Python is vulnerable to CRLF injection attacks. The vulnerability exists because it fails to sufficiently sanitize user input. This allows remote attackers to inject additional headers in a Python application that allowed user provided header...

6.1 CVSS, 6.6 AI score, 0.41714 EPSS
Exploits: 3, References: 30, Affected Software: 6
Tenable Nessus
added 2017/05/01 12:00 a.m., 48 views

EulerOS 2.0 SP1 : python (EulerOS-SA-2016-1036)

According to the versions of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote...

6.5 CVSS, 7.2 AI score, 0.41714 EPSS
Exploits: 6, References: 4
OpenVAS
added 2016/08/19 12:00 a.m., 36 views

CentOS Update for python CESA-2016:1626 centos7

Check the version of python SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882545";...

6.5 CVSS, 6.3 AI score, 0.41714 EPSS
Exploits: 6, References: 2
RedHat Linux
added 2016/08/18 8:07 p.m., 2 views

python: http protocol steam injection attack

It was found that the Python's httplib library used by urllib, urllib2 and others did not properly check HTTPConnection.putheader function arguments. An attacker could use this flaw to inject additional headers in a Python application that allowed user provided header names or values...

6.1 CVSS, 7.3 AI score, 0.41714 EPSS
Exploits: 3, References: 4
RedHat Linux
added 2016/08/18 8:07 p.m., 116 views

Moderate: Red Hat Security Advisory: python27-python security update

An update for python27-python is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabili...

6.5 CVSS, 6.5 AI score, 0.41714 EPSS
Exploits: 6, References: 4
OSV
added 2014/12/12 11:59 a.m., 0 views

UBUNTU-CVE-2014-9365

The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject'...

5.8 CVSS, 6.8 AI score, 0.02758 EPSS
Exploits: 1, References: 3