Skip to main content

Http4S

7 CVEs product

Monthly

CVE-2025-59822 Maven MEDIUM POC PATCH This Month

Http4s is a Scala interface for HTTP services. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Request Smuggling Http4S
NVD GitHub
CVSS 4.0
6.3
EPSS
0.1%
CVE-2023-22465 Maven MEDIUM POC PATCH This Month

Http4s is a Scala interface for HTTP services. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Http4S
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-41084 Maven MEDIUM POC PATCH This Month

http4s is an open source scala interface for HTTP. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Http4S
NVD GitHub
CVSS 3.1
4.7
EPSS
1.2%
CVE-2021-39185 Maven CRITICAL PATCH Act Now

Http4s is a minimal, idiomatic Scala interface for HTTP services. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Http4S
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2021-32643 Maven MEDIUM PATCH This Month

Http4s is a Scala interface for HTTP services. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Http4S
NVD GitHub
CVSS 3.1
5.8
EPSS
1.4%
CVE-2021-21294 Maven HIGH PATCH This Week

Http4s (http4s-blaze-server) is a minimal, idiomatic Scala interface for HTTP services. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Http4S
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2020-5280 Maven HIGH PATCH This Week

http4s before versions 0.18.26, 0.20.20, and 0.21.2 has a local file inclusion vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Http4S
NVD GitHub
CVSS 3.1
7.5
EPSS
6.8%
EPSS 0% CVSS 6.3
MEDIUM POC PATCH This Month

Http4s is a Scala interface for HTTP services. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Request Smuggling Http4S
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

Http4s is a Scala interface for HTTP services. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Http4S
NVD GitHub
EPSS 1% CVSS 4.7
MEDIUM POC PATCH This Month

http4s is an open source scala interface for HTTP. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Http4S
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

Http4s is a minimal, idiomatic Scala interface for HTTP services. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Http4S
NVD GitHub
EPSS 1% CVSS 5.8
MEDIUM PATCH This Month

Http4s is a Scala interface for HTTP services. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Http4S
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Http4s (http4s-blaze-server) is a minimal, idiomatic Scala interface for HTTP services. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Http4S
NVD GitHub
EPSS 7% CVSS 7.5
HIGH PATCH This Week

http4s before versions 0.18.26, 0.20.20, and 0.21.2 has a local file inclusion vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Http4S
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy