CVE-2023-22465

Exploit

EPSS 0.07%
Veröffentlicht 04.01.2023 16:15:09
Zuletzt bearbeitet 21.11.2024 07:44:51
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Http4s is a Scala interface for HTTP services. Starting with version 0.1.0 and prior to versions 0.21.34, 0.22.15, 0.23.17, and 1.0.0-M38, the `User-Agent` and `Server` header parsers are susceptible to a fatal error on certain inputs.  In http4s, modeled headers are lazily parsed, so this only applies to services that explicitly request these typed headers. Fixes are released in 0.21.34, 0.22.15, 0.23.17, and 1.0.0-M38. As a workaround, use the weakly typed header interface.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Typelevel ≫ Http4s Version >= 0.1.0 < 0.21.34

Typelevel ≫ Http4s Version >= 0.22.0 < 0.22.15

Typelevel ≫ Http4s Version >= 0.23.0 < 0.23.17

Typelevel ≫ Http4s Version1.0.0 Updatemilestone1

Typelevel ≫ Http4s Version1.0.0 Updatemilestone10

Typelevel ≫ Http4s Version1.0.0 Updatemilestone11

Typelevel ≫ Http4s Version1.0.0 Updatemilestone12

Typelevel ≫ Http4s Version1.0.0 Updatemilestone13

Typelevel ≫ Http4s Version1.0.0 Updatemilestone14

Typelevel ≫ Http4s Version1.0.0 Updatemilestone15

Typelevel ≫ Http4s Version1.0.0 Updatemilestone16

Typelevel ≫ Http4s Version1.0.0 Updatemilestone17

Typelevel ≫ Http4s Version1.0.0 Updatemilestone18

Typelevel ≫ Http4s Version1.0.0 Updatemilestone19

Typelevel ≫ Http4s Version1.0.0 Updatemilestone2

Typelevel ≫ Http4s Version1.0.0 Updatemilestone20

Typelevel ≫ Http4s Version1.0.0 Updatemilestone21

Typelevel ≫ Http4s Version1.0.0 Updatemilestone22

Typelevel ≫ Http4s Version1.0.0 Updatemilestone23

Typelevel ≫ Http4s Version1.0.0 Updatemilestone24

Typelevel ≫ Http4s Version1.0.0 Updatemilestone25

Typelevel ≫ Http4s Version1.0.0 Updatemilestone26

Typelevel ≫ Http4s Version1.0.0 Updatemilestone27

Typelevel ≫ Http4s Version1.0.0 Updatemilestone28

Typelevel ≫ Http4s Version1.0.0 Updatemilestone29

Typelevel ≫ Http4s Version1.0.0 Updatemilestone3

Typelevel ≫ Http4s Version1.0.0 Updatemilestone30

Typelevel ≫ Http4s Version1.0.0 Updatemilestone31

Typelevel ≫ Http4s Version1.0.0 Updatemilestone32

Typelevel ≫ Http4s Version1.0.0 Updatemilestone33

Typelevel ≫ Http4s Version1.0.0 Updatemilestone34

Typelevel ≫ Http4s Version1.0.0 Updatemilestone35

Typelevel ≫ Http4s Version1.0.0 Updatemilestone36

Typelevel ≫ Http4s Version1.0.0 Updatemilestone37

Typelevel ≫ Http4s Version1.0.0 Updatemilestone4

Typelevel ≫ Http4s Version1.0.0 Updatemilestone5

Typelevel ≫ Http4s Version1.0.0 Updatemilestone6

Typelevel ≫ Http4s Version1.0.0 Updatemilestone7

Typelevel ≫ Http4s Version1.0.0 Updatemilestone8

Typelevel ≫ Http4s Version1.0.0 Updatemilestone9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.212

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
security-advisories@github.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://github.com/http4s/http4s/security/advisories/GHSA-54w6-vxfh-fw7f

Third Party Advisory

Exploit

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2023-22465

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-22465

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-22465

EUVD