Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2023-22465

Опубликовано: 04 янв. 2023
Источник: nvd
CVSS3: 7.5
CVSS3: 5.3
EPSS Низкий

Описание

Http4s is a Scala interface for HTTP services. Starting with version 0.1.0 and prior to versions 0.21.34, 0.22.15, 0.23.17, and 1.0.0-M38, the User-Agent and Server header parsers are susceptible to a fatal error on certain inputs. In http4s, modeled headers are lazily parsed, so this only applies to services that explicitly request these typed headers. Fixes are released in 0.21.34, 0.22.15, 0.23.17, and 1.0.0-M38. As a workaround, use the weakly typed header interface.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:typelevel:http4s:*:*:*:*:*:*:*:*
Версия от 0.1.0 (включая) до 0.21.34 (исключая)
cpe:2.3:a:typelevel:http4s:*:*:*:*:*:*:*:*
Версия от 0.22.0 (включая) до 0.22.15 (исключая)
cpe:2.3:a:typelevel:http4s:*:*:*:*:*:*:*:*
Версия от 0.23.0 (включая) до 0.23.17 (исключая)
cpe:2.3:a:typelevel:http4s:1.0.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:typelevel:http4s:1.0.0:milestone10:*:*:*:*:*:*
cpe:2.3:a:typelevel:http4s:1.0.0:milestone11:*:*:*:*:*:*
cpe:2.3:a:typelevel:http4s:1.0.0:milestone12:*:*:*:*:*:*
cpe:2.3:a:typelevel:http4s:1.0.0:milestone13:*:*:*:*:*:*
cpe:2.3:a:typelevel:http4s:1.0.0:milestone14:*:*:*:*:*:*
cpe:2.3:a:typelevel:http4s:1.0.0:milestone15:*:*:*:*:*:*
cpe:2.3:a:typelevel:http4s:1.0.0:milestone16:*:*:*:*:*:*
cpe:2.3:a:typelevel:http4s:1.0.0:milestone17:*:*:*:*:*:*
cpe:2.3:a:typelevel:http4s:1.0.0:milestone18:*:*:*:*:*:*
cpe:2.3:a:typelevel:http4s:1.0.0:milestone19:*:*:*:*:*:*
cpe:2.3:a:typelevel:http4s:1.0.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:typelevel:http4s:1.0.0:milestone20:*:*:*:*:*:*
cpe:2.3:a:typelevel:http4s:1.0.0:milestone21:*:*:*:*:*:*
cpe:2.3:a:typelevel:http4s:1.0.0:milestone22:*:*:*:*:*:*
cpe:2.3:a:typelevel:http4s:1.0.0:milestone23:*:*:*:*:*:*
cpe:2.3:a:typelevel:http4s:1.0.0:milestone24:*:*:*:*:*:*
cpe:2.3:a:typelevel:http4s:1.0.0:milestone25:*:*:*:*:*:*
cpe:2.3:a:typelevel:http4s:1.0.0:milestone26:*:*:*:*:*:*
cpe:2.3:a:typelevel:http4s:1.0.0:milestone27:*:*:*:*:*:*
cpe:2.3:a:typelevel:http4s:1.0.0:milestone28:*:*:*:*:*:*
cpe:2.3:a:typelevel:http4s:1.0.0:milestone29:*:*:*:*:*:*
cpe:2.3:a:typelevel:http4s:1.0.0:milestone3:*:*:*:*:*:*
cpe:2.3:a:typelevel:http4s:1.0.0:milestone30:*:*:*:*:*:*
cpe:2.3:a:typelevel:http4s:1.0.0:milestone31:*:*:*:*:*:*
cpe:2.3:a:typelevel:http4s:1.0.0:milestone32:*:*:*:*:*:*
cpe:2.3:a:typelevel:http4s:1.0.0:milestone33:*:*:*:*:*:*
cpe:2.3:a:typelevel:http4s:1.0.0:milestone34:*:*:*:*:*:*
cpe:2.3:a:typelevel:http4s:1.0.0:milestone35:*:*:*:*:*:*
cpe:2.3:a:typelevel:http4s:1.0.0:milestone36:*:*:*:*:*:*
cpe:2.3:a:typelevel:http4s:1.0.0:milestone37:*:*:*:*:*:*
cpe:2.3:a:typelevel:http4s:1.0.0:milestone4:*:*:*:*:*:*
cpe:2.3:a:typelevel:http4s:1.0.0:milestone5:*:*:*:*:*:*
cpe:2.3:a:typelevel:http4s:1.0.0:milestone6:*:*:*:*:*:*
cpe:2.3:a:typelevel:http4s:1.0.0:milestone7:*:*:*:*:*:*
cpe:2.3:a:typelevel:http4s:1.0.0:milestone8:*:*:*:*:*:*
cpe:2.3:a:typelevel:http4s:1.0.0:milestone9:*:*:*:*:*:*

EPSS

Процентиль: 56%
0.00335
Низкий

7.5 High

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-20
CWE-20

Связанные уязвимости

github логотип

GHSA-54w6-vxfh-fw7f

CVSS3: 7.5
github
около 3 лет назад

Http4s improperly parses User-Agent and Server headers

EPSS

Процентиль: 56%
0.00335
Низкий

7.5 High

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-20
CWE-20