Maven package
org.http4s/http4s-core
pkg:maven/org.http4s/http4s-core
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-22465 | — | >= 1.0.0-M1, <= 1.0.0-M30 | — | Jan 4, 2023 | Http4s is a Scala interface for HTTP services. Starting with version 0.1.0 and prior to versions 0.21.34, 0.22.15, 0.23.17, and 1.0.0-M38, the `User-Agent` and `Server` header parsers are susceptible to a fatal error on certain inputs. In http4s, modeled headers are lazily parse | ||
| CVE-2021-32643 | — | >= 0.21.7, < 0.21.24 | 0.21.24 | May 27, 2021 | Http4s is a Scala interface for HTTP services. `StaticFile.fromUrl` can leak the presence of a directory on a server when the `URL` scheme is not `file://`, and the URL points to a fetchable resource under its scheme and authority. The function returns `F[None]`, indicating no re |
- CVE-2023-22465Jan 4, 2023affected >= 1.0.0-M1, <= 1.0.0-M30
Http4s is a Scala interface for HTTP services. Starting with version 0.1.0 and prior to versions 0.21.34, 0.22.15, 0.23.17, and 1.0.0-M38, the `User-Agent` and `Server` header parsers are susceptible to a fatal error on certain inputs. In http4s, modeled headers are lazily parse
- CVE-2021-32643May 27, 2021affected >= 0.21.7, < 0.21.24fixed 0.21.24
Http4s is a Scala interface for HTTP services. `StaticFile.fromUrl` can leak the presence of a directory on a server when the `URL` scheme is not `file://`, and the URL points to a fetchable resource under its scheme and authority. The function returns `F[None]`, indicating no re