Lucene search
K

99 matches found

Cvelist
Cvelist
added 6 days ago16 views

CVE-2026-28898

swift-nio-http2's HTTP/2-to-HTTP/1.1 codec did not validate pseudo-header values for control characters before placing them into the translated HTTP/1.1 message. swift-nio-http2 1.44.1 adds validation of all pseudo-header values :path, :authority, :scheme, :method, and :status at both the HPACK...

0.00192EPSS
Exploits0References1
CVE
CVE
added 6 days ago37 views

CVE-2026-28898

CVE-2026-28898 concerns swift-nio-http2, where the HTTP/2-to-HTTP/1.1 codec did not validate pseudo-header values for control characters before translating to HTTP/1.1. The issue is addressed in swift-nio-http2 1.44.1, which adds validation for all pseudo-header values (:path, :authority, :scheme...

5.3CVSS5.8AI score0.00192EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/12 3:8 p.m.12 views

SwiftNIO HTTP/2: HTTP/2-to-HTTP/1 Request Smuggling via unvalidated :path pseudo-header in HTTP2ToHTTP1Codec

swift-nio-http2's HTTP/2-to-HTTP/1.1 codec HTTP2FramePayloadToHTTP1ServerCodec / HTTP2ToHTTP1ServerCodec did not validate pseudo-header values for control characters before placing them into the translated HTTP/1.1 message. A remote attacker could send an HTTP/2 request containing CR \r, LF \n, o...

5.3CVSS5.5AI score0.00192EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/12 3:8 p.m.7 views

GHSA-4PX2-PW77-VC85 SwiftNIO HTTP/2: HTTP/2-to-HTTP/1 Request Smuggling via unvalidated :path pseudo-header in HTTP2ToHTTP1Codec

swift-nio-http2's HTTP/2-to-HTTP/1.1 codec HTTP2FramePayloadToHTTP1ServerCodec / HTTP2ToHTTP1ServerCodec did not validate pseudo-header values for control characters before placing them into the translated HTTP/1.1 message. A remote attacker could send an HTTP/2 request containing CR \r, LF \n, o...

5.5AI score0.00192EPSS
Exploits0References2
OSV
OSV
added 2026/06/12 3:8 p.m.4 views

GHSA-6PH5-FWW6-VFWV NIOExtras: NIOHTTPRequestDecompressor ratio limit bypass via inflated Content-Length

Impact When NIOHTTPRequestDecompressor is configured with .ratioN, the decompression limit is enforced using the Content-Length header value from the incoming request rather than the actual number of compressed bytes received. Since Content-Length is attacker-controlled, a malicious client can...

6.9CVSS5.5AI score0.00042EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/12 3:7 p.m.8 views

SwiftNIO NIOHTTP1: HTTPDecoder accepts unbounded HTTP/1 header blocks, enabling remote DoS

Summary The HTTPDecoder in NIOHTTP1 enforces no limit on the total size of an HTTP/1 message's header block or on the number of header fields per message. A remote peer can submit an arbitrary number of small, valid headers in a single request and have them all accumulated into the resulting...

5.8AI score0.00048EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/12 3:7 p.m.7 views

SwiftNIO: Out-of-bounds write via ByteBuffer index and length UInt32 overflow

Summary A program using swift-nio is vulnerable to a potential out-of-bounds write when attacker-controlled index or length values exceeding UInt32.max are passed to some ByteBuffer methods. This affects all swift-nio versions from 1.0.0 to 2.99.0. It is fixed in 2.100.0 and later releases. Detai...

6AI score0.00042EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/12 3:7 p.m.6 views

GHSA-R3RC-9HPW-54V9 SwiftNIO: Out-of-bounds write via ByteBuffer index and length UInt32 overflow

Summary A program using swift-nio is vulnerable to a potential out-of-bounds write when attacker-controlled index or length values exceeding UInt32.max are passed to some ByteBuffer methods. This affects all swift-nio versions from 1.0.0 to 2.99.0. It is fixed in 2.100.0 and later releases. Detai...

8.3CVSS6AI score0.00042EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/12 3:7 p.m.9 views

SwiftNIO: CRLF Injection in outbound HTTP request URI via NIOHTTPRequestHeadersValidator

Programs using swift-nio is vulnerable to HTTP request smuggling and HTTP response splitting attacks, caused by insufficient validation of outbound HTTP/1.1 request and response start line components. This vulnerability affects all swift-nio versions from 2.0.0 to 2.99.0. It is fixed in 2.100.0 a...

5.7AI score0.00044EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/12 3:7 p.m.33 views

GHSA-CQ87-8R7H-962V SwiftNIO: CRLF Injection in outbound HTTP request URI via NIOHTTPRequestHeadersValidator

Programs using swift-nio is vulnerable to HTTP request smuggling and HTTP response splitting attacks, caused by insufficient validation of outbound HTTP/1.1 request and response start line components. This vulnerability affects all swift-nio versions from 2.0.0 to 2.99.0. It is fixed in 2.100.0 a...

8.9CVSS5.7AI score0.00044EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.11 views

PT-2026-48923

Programs using swift-nio is vulnerable to HTTP request smuggling and HTTP response splitting attacks, caused by insufficient validation of outbound HTTP/1.1 request and response start line components. This vulnerability affects all swift-nio versions from 2.0.0 to 2.99.0. It is fixed in 2.100.0 a...

8.9CVSS5.7AI score0.00044EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.15 views

PT-2026-48928

Summary A program using swift-nio is vulnerable to a potential out-of-bounds write when attacker-controlled index or length values exceeding UInt32.max are passed to some ByteBuffer methods. This affects all swift-nio versions from 1.0.0 to 2.99.0. It is fixed in 2.100.0 and later releases. Detai...

8.3CVSS5.9AI score0.00042EPSS
Exploits0References3
GitLab Advisory Database
GitLab Advisory Database
added 2026/06/12 12:0 a.m.9 views

SwiftNIO: CRLF Injection in outbound HTTP request URI via NIOHTTPRequestHeadersValidator

Programs using swift-nio is vulnerable to HTTP request smuggling and HTTP response splitting attacks, caused by insufficient validation of outbound HTTP/1.1 request and response start line components. This vulnerability affects all swift-nio versions from 2.0.0 to 2.99.0. It is fixed in 2.100.0 a...

5.6AI score0.00044EPSS
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/06/12 12:0 a.m.10 views

SwiftNIO NIOHTTP1: HTTPDecoder accepts unbounded HTTP/1 header blocks, enabling remote DoS

The HTTPDecoder in NIOHTTP1 enforces no limit on the total size of an HTTP/1 message's header block or on the number of header fields per message. A remote peer can submit an arbitrary number of small, valid headers in a single request and have them all accumulated into the resulting HTTPHeaders...

5.6AI score0.00048EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 10:45 a.m.15 views

CVE-2022-0618

A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This vulnerability is caused by a logical error when parsing a HTTP/2 HEADERS or HTTP/2 PUSHPROMISE frame where the frame contains padding information...

7.8CVSS6.8AI score0.01248EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-1597

Malicious code in bioql PyPI...

7.5CVSS7.4AI score0.01101EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-1634

Malicious code in bioql PyPI...

7.5CVSS7.4AI score0.01101EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-29531

Malicious code in bioql PyPI...

6.6AI score
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-1524

Malicious code in bioql PyPI...

7.5CVSS7.4AI score0.01333EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/08/13 11:54 p.m.29 views

swift-nio-http2 affected by HTTP/2 MadeYouReset vulnerability

The HTTP/2 MadeYouReset vulnerability has a mild effect on swift-nio-http2. swift-nio-http2 mostly protects against MadeYouReset by using a number of existing denial-of-service prevention patterns that we added in response to the RapidReset vulnerabilities. The result is that servers are not...

7.2AI score
Exploits0References2Affected Software1
Rows per page
Query Builder