Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
typelevel http4s 1.0.0 vulnerabilities and exploits
(subscribe to this query)
9.1
CVSSv3
CVE-2021-39185
Http4s is a minimal, idiomatic Scala interface for HTTP services. In http4s versions 0.21.26 and prior, 0.22.0 up to and including 0.22.2, 0.23.0, 0.23.1, and 1.0.0-M1 up to and including 1.0.0-M24, the default CORS configuration is vulnerable to an origin reflection attack. The ...
Typelevel Http4s
Typelevel Http4s 0.23.0
Typelevel Http4s 0.23.1
Typelevel Http4s 1.0.0
7.5
CVSSv3
CVE-2021-21294
Http4s (http4s-blaze-server) is a minimal, idiomatic Scala interface for HTTP services. Http4s prior to 0.21.17, 0.22.0-M2, and 1.0.0-M14 have a vulnerability which can lead to a denial-of-service. Blaze-core, a library underlying http4s-blaze-server, accepts connections unbounde...
Typelevel Http4s
5.8
CVSSv3
CVE-2021-32643
Http4s is a Scala interface for HTTP services. `StaticFile.fromUrl` can leak the presence of a directory on a server when the `URL` scheme is not `file://`, and the URL points to a fetchable resource under its scheme and authority. The function returns `F[None]`, indicating no re...
Typelevel Http4s
Typelevel Http4s 0.22.0
Typelevel Http4s 0.23.0
Typelevel Http4s 1.0.0
5.3
CVSSv3
CVE-2023-22465
Http4s is a Scala interface for HTTP services. Starting with version 0.1.0 and prior to versions 0.21.34, 0.22.15, 0.23.17, and 1.0.0-M38, the `User-Agent` and `Server` header parsers are susceptible to a fatal error on certain inputs. In http4s, modeled headers are lazily parsed...
Typelevel Http4s 1.0.0
Typelevel Http4s
4.7
CVSSv3
CVE-2021-41084
http4s is an open source scala interface for HTTP. In affected versions http4s is vulnerable to response-splitting or request-splitting attacks when untrusted user input is used to create any of the following fields: Header names (`Header.name`å), Header values (`Header.val...
Typelevel Http4s 1.0.0
Typelevel Http4s
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started