Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
typelevel http4s vulnerabilities and exploits
(subscribe to this query)
9.1
CVSSv3
CVE-2021-39185
Http4s is a minimal, idiomatic Scala interface for HTTP services. In http4s versions 0.21.26 and prior, 0.22.0 up to and including 0.22.2, 0.23.0, 0.23.1, and 1.0.0-M1 up to and including 1.0.0-M24, the default CORS configuration is vulnerable to an origin reflection attack. The ...
Typelevel Http4s
Typelevel Http4s 0.23.0
Typelevel Http4s 0.23.1
Typelevel Http4s 1.0.0
7.5
CVSSv3
CVE-2021-21293
blaze is a Scala library for building asynchronous pipelines, with a focus on network IO. All servers running blaze-core before version 0.14.15 are affected by a vulnerability in which unbounded connection acceptance leads to file handle exhaustion. Blaze, accepts connections unc...
Typelevel Blaze
7.5
CVSSv3
CVE-2021-21294
Http4s (http4s-blaze-server) is a minimal, idiomatic Scala interface for HTTP services. Http4s prior to 0.21.17, 0.22.0-M2, and 1.0.0-M14 have a vulnerability which can lead to a denial-of-service. Blaze-core, a library underlying http4s-blaze-server, accepts connections unbounde...
Typelevel Http4s
7.5
CVSSv3
CVE-2020-5280
http4s prior to 0.18.26, 0.20.20, and 0.21.2 has a local file inclusion vulnerability. This vulnerability applies to all users of org.http4s.server.staticcontent.FileService, org.http4s.server.staticcontent.ResourceService and org.http4s.server.staticcontent.WebjarService. URI no...
Typelevel Http4s
5.8
CVSSv3
CVE-2021-32643
Http4s is a Scala interface for HTTP services. `StaticFile.fromUrl` can leak the presence of a directory on a server when the `URL` scheme is not `file://`, and the URL points to a fetchable resource under its scheme and authority. The function returns `F[None]`, indicating no re...
Typelevel Http4s
Typelevel Http4s 0.22.0
Typelevel Http4s 0.23.0
Typelevel Http4s 1.0.0
5.3
CVSSv3
CVE-2023-22465
Http4s is a Scala interface for HTTP services. Starting with version 0.1.0 and prior to versions 0.21.34, 0.22.15, 0.23.17, and 1.0.0-M38, the `User-Agent` and `Server` header parsers are susceptible to a fatal error on certain inputs. In http4s, modeled headers are lazily parsed...
Typelevel Http4s 1.0.0
Typelevel Http4s
4.7
CVSSv3
CVE-2021-41084
http4s is an open source scala interface for HTTP. In affected versions http4s is vulnerable to response-splitting or request-splitting attacks when untrusted user input is used to create any of the following fields: Header names (`Header.name`å), Header values (`Header.val...
Typelevel Http4s 1.0.0
Typelevel Http4s
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started