Lucene search
+L

27 matches found

CVE
CVE
added 2 days ago10 views

CVE-2026-59249

The CVE concerns the Elixir Mint library (mint) and its HTTP/1.1 decoding path. Specifically, Mint.HTTP1.decode_body/5 parses chunk-size lines using Integer.parse(data, 16), which accepts a leading + or - despite RFC 7230 requiring unsigned hex digits. This leads to a mismatch with RFC-strict int...

6.3CVSS6.1AI score0.00301EPSS
Exploits0References4
OSV
OSV
added 5 days ago3 views

SUSE-SU-2026:2883-1 Security update for nghttp2

This update for nghttp2 fixes the following issue - CVE-2026-58055: HTTP/1.1 Upgrade request can lead to HTTP request smuggling and cross-client response-queue poisoning bsc1269489...

6.3CVSS6.2AI score0.00202EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/07/11 4:58 a.m.8 views

undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery.

A flaw was found in undici. An attacker-controlled upstream server can exploit a vulnerability in Undici's HTTP/1.1 client, specifically related to response queue poisoning on reused keep-alive sockets. This allows the attacker to inject an unsolicited HTTP/1.1 response onto an idle socket...

3.7CVSS6.9AI score0.00228EPSS
Exploits0References7
OSV
OSV
added 2026/07/09 12:56 p.m.3 views

OESA-2026-2977 nghttp2 security update

The framing layer of HTTP/2 is implemented as a form of reusable C library. On top of that, we have implemented HTTP/2 client, server and proxy. We have also developed load test and benchmarking tool for HTTP/2. Security Fixes: nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade...

6.3CVSS6.1AI score0.00202EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/07/06 3:7 p.m.7 views

undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery.

A flaw was found in undici. An attacker-controlled upstream server can exploit a vulnerability in Undici's HTTP/1.1 client, specifically related to response queue poisoning on reused keep-alive sockets. This allows the attacker to inject an unsolicited HTTP/1.1 response onto an idle socket...

3.7CVSS7AI score0.00228EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/07/06 4:52 a.m.6 views

undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery.

A flaw was found in undici. An attacker-controlled upstream server can exploit a vulnerability in Undici's HTTP/1.1 client, specifically related to response queue poisoning on reused keep-alive sockets. This allows the attacker to inject an unsolicited HTTP/1.1 response onto an idle socket...

3.7CVSS7AI score0.00228EPSS
Exploits0References7
NVD
NVD
added 2026/06/28 2:16 a.m.12 views

CVE-2026-58055

nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body onto reusable keep-alive backend connections, re-adding the Upgrade and Connection headers while passing Content-Length verbatim. A backend that resolves the resulting...

6.3CVSS0.00202EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/28 1:32 a.m.5 views

CVE-2026-58055

nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body onto reusable keep-alive backend connections, re-adding the Upgrade and Connection headers while passing Content-Length verbatim. A backend that resolves the resulting...

6.3CVSS5.8AI score0.00202EPSS
Exploits0
CVE
CVE
added 2026/06/28 1:32 a.m.123 views

CVE-2026-58055

nghttp2 nghttpx (up to version 1.69.0) is affected. The proxy forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body to reusable keep-alive backend connections, re-adding Upgrade and Connection headers while passing Content-Length verbatim. This creates an ambiguo...

6.3CVSS5.8AI score0.00202EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/06/28 1:32 a.m.12 views

EUVD-2026-39975

nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body onto reusable keep-alive backend connections, re-adding the Upgrade and Connection headers while passing Content-Length verbatim. A backend that resolves the resulting...

6.3CVSS5.8AI score0.00202EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/06/28 1:32 a.m.7 views

CVE-2026-58055

nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body onto reusable keep-alive backend connections, re-adding the Upgrade and Connection headers while passing Content-Length verbatim. A backend that resolves the resulting...

6.3CVSS5.8AI score0.00202EPSS
Exploits0References3
OSV
OSV
added 2026/06/26 10:34 a.m.4 views

SUSE-SU-2026:2647-1 Security update for nodejs22

This update for nodejs22 fixes the following issues Update to 22.23.0: - CVE-2026-6733: undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery bsc1268479. - CVE-2026-9496: pacote: excessive CPU consumption in addGitSha when processing a...

9.8CVSS6.6AI score0.02806EPSS
Exploits3References39
OSV
OSV
added 2026/06/19 2:19 p.m.12 views

GHSA-35P6-XMWP-9G52 undici vulnerable to HTTP response queue poisoning via keep-alive socket reuse

Impact Undici's HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets. An attacker-controlled upstream server can inject an unsolicited HTTP/1.1 response onto an idle socket after a request completes. When the client dispatches the next request on that socket, it...

3.7CVSS5.8AI score0.00228EPSS
Exploits0References5
OSV
OSV
added 2026/06/17 6:18 p.m.5 views

DEBIAN-CVE-2026-6733

Impact: Undici's HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets. An attacker-controlled upstream server can inject an unsolicited HTTP/1.1 response onto an idle socket after a request completes. When the client dispatches the next request on that socket, it...

3.7CVSS5.3AI score0.00228EPSS
Exploits0References1
OSV
OSV
added 2026/06/17 6:18 p.m.9 views

UBUNTU-CVE-2026-6733

Impact: Undici's HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets. An attacker-controlled upstream server can inject an unsolicited HTTP/1.1 response onto an idle socket after a request completes. When the client dispatches the next request on that socket, it...

3.7CVSS5.8AI score0.00228EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/17 5:14 p.m.8 views

CVE-2026-6733

Impact: Undici's HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets. An attacker-controlled upstream server can inject an unsolicited HTTP/1.1 response onto an idle socket after a request completes. When the client dispatches the next request on that socket, it...

3.7CVSS5.3AI score0.00228EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/17 5:14 p.m.25 views

CVE-2026-6733 undici vulnerable to HTTP response queue poisoning via keep-alive socket reuse

Impact: Undici's HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets. An attacker-controlled upstream server can inject an unsolicited HTTP/1.1 response onto an idle socket after a request completes. When the client dispatches the next request on that socket, it...

3.7CVSS0.00228EPSS
Exploits0References3
OSV
OSV
added 2026/06/17 5:14 p.m.2 views

CVE-2026-6733 undici vulnerable to HTTP response queue poisoning via keep-alive socket reuse

Impact: Undici's HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets. An attacker-controlled upstream server can inject an unsolicited HTTP/1.1 response onto an idle socket after a request completes. When the client dispatches the next request on that socket, it...

3.7CVSS7.1AI score0.00228EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.19 views

PT-2026-53087

Name of the Vulnerable Software and Affected Versions nghttp2 nghttpx versions prior to 1.69.0 Description The nghttpx proxy forwards HTTP/1.1 Upgrade requests that contain a Content-Length header and body onto reusable keep-alive backend connections. During this process, it re-adds the Upgrade a...

6.3CVSS6AI score0.00202EPSS
Exploits0References24
EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2024-1482

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.01022EPSS
Exploits0References5
Rows per page
Query Builder