http4s Latest High & Critical Vulnerabilities

Latest High & Critical vulnerabilities published by http4s

JSON RSS CSV 🔔 Create Alert Trigger

4 January 2023

Http4s has fatal error parsing User-Agent and Server headers
CVE-2023-22465
Http4sHttp4s7.5HIGH

21 September 2021

Response Splitting from unsanitized headers in http4s
CVE-2021-41084
Http4sHttp4s8.7HIGH

1 September 2021

Default CORS config allows any origin with credentials
CVE-2021-39185
Http4sHttp4s9.1CRITICAL

2 February 2021

Unbounded connection acceptance in http4s-blaze-server
CVE-2021-21294
Http4sHttp4s7.5HIGH
Unbounded connection acceptance leads to file handle exhaustion
CVE-2021-21293
Http4sBlaze7.5HIGH

25 March 2020

Local file inclusion vulnerability in http4s
CVE-2020-5280
Http4sHttp4s7.6HIGH