Описание
h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. This issue has been patched in version 0.16.0. Since exploitation requires the combination of buggy h11 with a buggy (reverse) proxy, fixing either component is sufficient to mitigate this issue.
| Релиз | Статус | Примечание |
|---|---|---|
| esm-apps/focal | not-affected | code not present |
| esm-apps/jammy | not-affected | code not present |
| esm-apps/noble | released | 0.14.0-1ubuntu0.24.04.1 |
| focal | not-affected | code not present |
| jammy | not-affected | code not present |
| noble | released | 0.14.0-1ubuntu0.24.04.1 |
| oracular | released | 0.14.0-1ubuntu0.24.10.1 |
| plucky | released | 0.14.0-1ubuntu0.25.04.1 |
| upstream | released | 0.16.0 |
Показывать по
9.1 Critical
CVSS3
Связанные уязвимости
h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. This issue has been patched in version 0.16.0. Since exploitation requires the combination of buggy h11 with a buggy (reverse) proxy, fixing either component is sufficient to mitigate this issue.
h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. This issue has been patched in version 0.16.0. Since exploitation requires the combination of buggy h11 with a buggy (reverse) proxy, fixing either component is sufficient to mitigate this issue.
h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a ...
h11 accepts some malformed Chunked-Encoding bodies
9.1 Critical
CVSS3