Количество 7
Количество 7
GHSA-847f-9342-265h
h2 allows HTTP Request Smuggling due to illegal characters in headers
CVE-2025-57804
h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without properly validating header names/values, enabling attackers to manipulate request boundaries and bypass security controls. This issue has been patched in version 4.3.0.
CVE-2025-57804
h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without properly validating header names/values, enabling attackers to manipulate request boundaries and bypass security controls. This issue has been patched in version 4.3.0.
CVE-2025-57804
h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without properly validating header names/values, enabling attackers to manipulate request boundaries and bypass security controls. This issue has been patched in version 4.3.0.
CVE-2025-57804
h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior t ...
SUSE-SU-2025:03273-1
Security update for python-h2
SUSE-SU-2025:03199-1
Security update for python-h2
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-847f-9342-265h h2 allows HTTP Request Smuggling due to illegal characters in headers | 0% Низкий | 4 месяца назад | |
 | CVE-2025-57804 h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without properly validating header names/values, enabling attackers to manipulate request boundaries and bypass security controls. This issue has been patched in version 4.3.0. | 0% Низкий | 4 месяца назад | |
 | CVE-2025-57804 h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without properly validating header names/values, enabling attackers to manipulate request boundaries and bypass security controls. This issue has been patched in version 4.3.0. | CVSS3: 5.3 | 0% Низкий | 4 месяца назад |
 | CVE-2025-57804 h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without properly validating header names/values, enabling attackers to manipulate request boundaries and bypass security controls. This issue has been patched in version 4.3.0. | 0% Низкий | 4 месяца назад | |
| CVE-2025-57804 h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior t ... | 0% Низкий | 4 месяца назад | |
 | SUSE-SU-2025:03273-1 Security update for python-h2 | 0% Низкий | 3 месяца назад | |
| SUSE-SU-2025:03199-1 Security update for python-h2 | 0% Низкий | 3 месяца назад |
Уязвимостей на страницу