rpm package
opensuse/cpp-httplib&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/cpp-httplib&distro=openSUSE%20Tumbleweed
Vulnerabilities (13)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-46527 | Hig | 7.5 | < 0.46.1-1.1 | 0.46.1-1.1 | May 29, 2026 | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, When the server has called Server::set_trusted_proxies() with a non-empty trusted-proxy list, an attacker can send an HTTP request that includes an X-Forwarded-For header whose valu | |
| CVE-2026-45372 | Cri | 9.9 | < 0.46.1-1.1 | 0.46.1-1.1 | May 29, 2026 | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, when cpp-httplib's server parses an incoming request, it applies percent-decoding to every header value except Location and Referer. The validity check (is_field_value) is run befor | |
| CVE-2026-34441 | Med | 4.8 | < 0.42.0-1.1 | 0.42.0-1.1 | Mar 31, 2026 | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.40.0, cpp-httplib is vulnerable to HTTP Request Smuggling. The server's static file handler serves GET responses without consuming the request body. On HTTP/1.1 keep-alive connect | |
| CVE-2026-33745 | Hig | 7.4 | < 0.42.0-1.1 | 0.42.0-1.1 | Mar 27, 2026 | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.39.0, the cpp-httplib HTTP client forwards stored Basic Auth, Bearer Token, and Digest Auth credentials to arbitrary hosts when following cross-origin HTTP redirects (301/302/307/308). A | |
| CVE-2026-32627 | — | < 0.38.0-1.1 | 0.38.0-1.1 | Mar 13, 2026 | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.2, when a cpp-httplib client is configured with a proxy and set_follow_location(true), any HTTPS redirect it follows will have TLS certificate and hostname verification silently disabl | ||
| CVE-2026-29076 | — | < 0.38.0-1.1 | 0.38.0-1.1 | Mar 7, 2026 | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.37.0, cpp-httplib uses std::regex (libstdc++) to parse RFC 5987 encoded filename* values in multipart Content-Disposition headers. The regex engine in libstdc++ implements backtra | ||
| CVE-2026-28435 | — | < 0.38.0-1.1 | 0.38.0-1.1 | Mar 4, 2026 | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, cpp-httplib (httplib.h) does not enforce Server::set_payload_max_length() on the decompressed request body when using HandlerWithContentReader (streaming ContentReader) with Content | ||
| CVE-2026-28434 | — | < 0.38.0-1.1 | 0.38.0-1.1 | Mar 4, 2026 | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, when a request handler throws a C++ exception and the application has not registered a custom exception handler via set_exception_handler(), the library catches the exception and wr | ||
| CVE-2026-22776 | — | < 0.38.0-1.1 | 0.38.0-1.1 | Jan 12, 2026 | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.1, a Denial of Service (DoS) vulnerability exists in cpp-httplib due to the unsafe handling of compressed HTTP request bodies (Content-Encoding: gzip, br, etc.). The library va | ||
| CVE-2026-21428 | — | < 0.38.0-1.1 | 0.38.0-1.1 | Jan 1, 2026 | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.0, the ``write_headers`` function does not check for CR & LF characters in user supplied headers, allowing untrusted header value to escape header lines. This vulnerability all | ||
| CVE-2025-66577 | — | < 0.28.0-1.1 | 0.28.0-1.1 | Dec 5, 2025 | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions. An attacker can supply X-Forwarded-For or X-Real- | ||
| CVE-2025-66570 | — | < 0.28.0-1.1 | 0.28.0-1.1 | Dec 5, 2025 | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions. An attacker can inject headers named REMOTE_ADDR, | ||
| CVE-2025-46728 | — | < 0.20.1-1.1 | 0.20.1-1.1 | May 6, 2025 | cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Prior to version 0.20.1, the library fails to enforce configured size limits on incoming request bodies when `Transfer-Encoding: chunked` is used or when no `Content-Length` header is provided. A remote attack |
- affected < 0.46.1-1.1fixed 0.46.1-1.1
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, When the server has called Server::set_trusted_proxies() with a non-empty trusted-proxy list, an attacker can send an HTTP request that includes an X-Forwarded-For header whose valu
- affected < 0.46.1-1.1fixed 0.46.1-1.1
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, when cpp-httplib's server parses an incoming request, it applies percent-decoding to every header value except Location and Referer. The validity check (is_field_value) is run befor
- affected < 0.42.0-1.1fixed 0.42.0-1.1
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.40.0, cpp-httplib is vulnerable to HTTP Request Smuggling. The server's static file handler serves GET responses without consuming the request body. On HTTP/1.1 keep-alive connect
- affected < 0.42.0-1.1fixed 0.42.0-1.1
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.39.0, the cpp-httplib HTTP client forwards stored Basic Auth, Bearer Token, and Digest Auth credentials to arbitrary hosts when following cross-origin HTTP redirects (301/302/307/308). A
- CVE-2026-32627Mar 13, 2026affected < 0.38.0-1.1fixed 0.38.0-1.1
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.2, when a cpp-httplib client is configured with a proxy and set_follow_location(true), any HTTPS redirect it follows will have TLS certificate and hostname verification silently disabl
- CVE-2026-29076Mar 7, 2026affected < 0.38.0-1.1fixed 0.38.0-1.1
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.37.0, cpp-httplib uses std::regex (libstdc++) to parse RFC 5987 encoded filename* values in multipart Content-Disposition headers. The regex engine in libstdc++ implements backtra
- CVE-2026-28435Mar 4, 2026affected < 0.38.0-1.1fixed 0.38.0-1.1
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, cpp-httplib (httplib.h) does not enforce Server::set_payload_max_length() on the decompressed request body when using HandlerWithContentReader (streaming ContentReader) with Content
- CVE-2026-28434Mar 4, 2026affected < 0.38.0-1.1fixed 0.38.0-1.1
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, when a request handler throws a C++ exception and the application has not registered a custom exception handler via set_exception_handler(), the library catches the exception and wr
- CVE-2026-22776Jan 12, 2026affected < 0.38.0-1.1fixed 0.38.0-1.1
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.1, a Denial of Service (DoS) vulnerability exists in cpp-httplib due to the unsafe handling of compressed HTTP request bodies (Content-Encoding: gzip, br, etc.). The library va
- CVE-2026-21428Jan 1, 2026affected < 0.38.0-1.1fixed 0.38.0-1.1
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.0, the ``write_headers`` function does not check for CR & LF characters in user supplied headers, allowing untrusted header value to escape header lines. This vulnerability all
- CVE-2025-66577Dec 5, 2025affected < 0.28.0-1.1fixed 0.28.0-1.1
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions. An attacker can supply X-Forwarded-For or X-Real-
- CVE-2025-66570Dec 5, 2025affected < 0.28.0-1.1fixed 0.28.0-1.1
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions. An attacker can inject headers named REMOTE_ADDR,
- CVE-2025-46728May 6, 2025affected < 0.20.1-1.1fixed 0.20.1-1.1
cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Prior to version 0.20.1, the library fails to enforce configured size limits on incoming request bodies when `Transfer-Encoding: chunked` is used or when no `Content-Length` header is provided. A remote attack