Skip to main content

Libhv

3 CVEs product

Monthly

CVE-2023-26148 MEDIUM POC This Month

All versions of the package ithewei/libhv are vulnerable to CRLF Injection when untrusted user input is used to set request headers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Libhv
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-26147 MEDIUM POC This Month

All versions of the package ithewei/libhv are vulnerable to HTTP Response Splitting when untrusted user input is used to build headers values. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Libhv
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-26146 MEDIUM POC This Month

All versions of the package ithewei/libhv are vulnerable to Cross-site Scripting (XSS) such that when a file with a name containing a malicious payload is served by the application, the filename is. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Libhv
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
EPSS 0% CVSS 5.3
MEDIUM POC This Month

All versions of the package ithewei/libhv are vulnerable to CRLF Injection when untrusted user input is used to set request headers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Libhv
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM POC This Month

All versions of the package ithewei/libhv are vulnerable to HTTP Response Splitting when untrusted user input is used to build headers values. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Libhv
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM POC This Month

All versions of the package ithewei/libhv are vulnerable to Cross-site Scripting (XSS) such that when a file with a name containing a malicious payload is served by the application, the filename is. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Libhv
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy