14 matches found
EUVD-2023-1729
Malicious code in bioql PyPI...
CVE-2022-3215
NIOHTTP1 and projects using it for generating HTTP responses can be subject to a HTTP Response Injection attack. This occurs when a HTTP/1.1 server accepts user generated input from an incoming request and reflects it into a HTTP/1.1 response header in some form. A malicious user can add newlines...
SwiftNIO vulnerable to Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
NIOHTTP1 and projects using it for generating HTTP responses, including SwiftNIO, can be subject to a HTTP Response Injection attack. This occurs when a HTTP/1.1 server accepts user generated input from an incoming request and reflects it into a HTTP/1.1 response header in some form. A malicious...
SwiftNIO vulnerable to Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
NIOHTTP1 and projects using it for generating HTTP responses, including SwiftNIO, can be subject to a HTTP Response Injection attack. This occurs when a HTTP/1.1 server accepts user generated input from an incoming request and reflects it into a HTTP/1.1 response header in some form. A malicious...
SwiftNIO vulnerable to HTTP request smuggling using malformed Transfer-Encoding header
Impact Affected SwiftNIO systems are vulnerable to request smuggling attacks, in which they parse a given HTTP message differently from other network parties, potentially seeing a different number of requests than other servers. This can lead to failures of authentication, routing, and other...
GHSA-MGC4-WQV7-4PXM SwiftNIO vulnerable to HTTP request smuggling using malformed Transfer-Encoding header
Impact Affected SwiftNIO systems are vulnerable to request smuggling attacks, in which they parse a given HTTP message differently from other network parties, potentially seeing a different number of requests than other servers. This can lead to failures of authentication, routing, and other...
SwiftNIO vulnerable to HTTP request smuggling using malformed Transfer-Encoding header
Affected SwiftNIO systems are vulnerable to request smuggling attacks, in which they parse a given HTTP message differently from other network parties, potentially seeing a different number of requests than other servers. This can lead to failures of authentication, routing, and other issues. Thi...
CVE-2022-3215
NIOHTTP1 and projects using it for generating HTTP responses can be subject to a HTTP Response Injection attack. This occurs when a HTTP/1.1 server accepts user generated input from an incoming request and reflects it into a HTTP/1.1 response header in some form. A malicious user can add newlines...
CVE-2022-3215
NIOHTTP1 and projects using it for generating HTTP responses can be subject to a HTTP Response Injection attack. This occurs when a HTTP/1.1 server accepts user generated input from an incoming request and reflects it into a HTTP/1.1 response header in some form. A malicious user can add newlines...
Design/Logic Flaw
NIOHTTP1 and projects using it for generating HTTP responses can be subject to a HTTP Response Injection attack. This occurs when a HTTP/1.1 server accepts user generated input from an incoming request and reflects it into a HTTP/1.1 response header in some form. A malicious user can add newlines...
CVE-2022-3215
CVE-2022-3215 affects NIOHTTP1 and projects using it (e.g., SwiftNIO) where user input reflected into HTTP response headers can enable a HTTP Response Injection via CRLF sequences. The root cause is improper handling of input in HTTP headers, allowing newlines to be injected into responses, poten...
CVE-2022-3215
NIOHTTP1 and projects using it for generating HTTP responses can be subject to a HTTP Response Injection attack. This occurs when a HTTP/1.1 server accepts user generated input from an incoming request and reflects it into a HTTP/1.1 response header in some form. A malicious user can add newlines...
PT-2022-21119 · Apple · Swiftnio
Name of the Vulnerable Software and Affected Versions: NIOHTTP1 affected versions not specified SwiftNIO affected versions not specified Description: The issue occurs when a HTTP/1.1 server accepts user-generated input from an incoming request and reflects it into a HTTP/1.1 response header. A...
OSV-2022-902 Invalid-free in function signature specialization <Arg
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51434 Crash type: Invalid-free Crash state: function signature specialization Arg NIOHTTP1.HTTPDecoder.didFinishHead protocol witness for NIOHTTP1...