Http4s Security Vulnerabilities

cve

CVE-2023-22465

Http4s is a Scala interface for HTTP services. Starting with version 0.1.0 and prior to versions 0.21.34, 0.22.15, 0.23.17, and 1.0.0-M38, the User-Agent and Server header parsers are susceptible to a fatal error on certain inputs. In http4s, modeled headers are lazily parsed, so this only...

CVSS 7.5 | AI Score 5.2 | EPSS 0.001 | Published 2023-01-04 04:15 PM
59
cve

CVE-2021-41084

http4s is an open source scala interface for HTTP. In affected versions http4s is vulnerable to response-splitting or request-splitting attacks when untrusted user input is used to create any of the following fields: Header names (Header.name), Header values (Header.value), Status reason phrases.....

CVSS 8.7 | AI Score 4.7 | EPSS 0.002 | Published 2021-09-21 06:15 PM
30
cve

CVE-2021-21293

blaze is a Scala library for building asynchronous pipelines, with a focus on network IO. All servers running blaze-core before version 0.14.15 are affected by a vulnerability in which unbounded connection acceptance leads to file handle exhaustion. Blaze accepts connections unconditionally on a.....

CVSS 7.5 | AI Score 7.2 | EPSS 0.001 | Published 2021-02-02 10:15 PM
42
cve

CVE-2021-21294

Http4s (http4s-blaze-server) is a minimal, idiomatic Scala interface for HTTP services. Http4s before versions 0.21.17, 0.22.0-M2, and 1.0.0-M14 have a vulnerability which can lead to a denial-of-service. Blaze-core, a library underlying http4s-blaze-server, accepts connections unboundedly on its.....

CVSS 7.5 | AI Score 7.4 | EPSS 0.001 | Published 2021-02-02 10:15 PM
43
3
cve

CVE-2021-39185

Http4s is a minimal, idiomatic Scala interface for HTTP services. In http4s versions 0.21.26 and prior, 0.22.0 through 0.22.2, 0.23.0, 0.23.1, and 1.0.0-M1 through 1.0.0-M24, the default CORS configuration is vulnerable to an origin reflection attack. The middleware is also susceptible to a Null...

CVSS 9.1 | AI Score 9.1 | EPSS 0.001 | Published 2021-09-01 08:15 PM
31
cve

CVE-2021-32643

Http4s is a Scala interface for HTTP services. StaticFile.fromUrl can leak the presence of a directory on a server when the URL scheme is not file://, and the URL points to a fetchable resource under its scheme and authority. The function returns F[None], indicating no resource, if url.getFile is.....

CVSS 5.8 | AI Score 5.5 | EPSS 0.001 | Published 2021-05-27 06:15 PM
35
4
cve

CVE-2020-5280

http4s before versions 0.18.26, 0.20.20, and 0.21.2 has a local file inclusion vulnerability. This vulnerability applies to all users of org.http4s.server.staticcontent.FileService, org.http4s.server.staticcontent.ResourceService, and org.http4s.server.staticcontent.WebjarService. URI normalization....

CVSS 7.6 | AI Score 7.2 | EPSS 0.049 | Published 2020-03-25 06:15 PM
44