mint

CVEs (4)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2026-49754	Elixir Mint mint	Hig	0.46	—	—	Jun 2, 2026	Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client (HTTP/2 CONTINUATION flood). When Mint's HTTP/2 receive path observes a HEADERS frame without the END_HEADERS…
CVE-2026-48862	Elixir Mint mint	Hig	0.46	—	—	Jun 2, 2026	Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client via PUSH_PROMISE flooding. In lib/mint/http2.ex, Mint.HTTP2.decode_push_promise_headers_and_add_response/5 inserts…
CVE-2026-49753	Elixir Mint mint	Med	0.34	—	—	Jun 2, 2026	Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in elixir-mint Mint allows attacker-controlled HTTP/1 servers to desynchronise response framing on shared connections. Mint's HTTP/1 Content-Length parser,…
CVE-2026-48861	Elixir Mint mint	Low	0.07	—	—	Jun 2, 2026	Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in elixir-mint Mint allows HTTP Request Splitting and HTTP Request Smuggling. In lib/mint/http1/request.ex, the encode_request_line/2 function splices the caller-supplied method and target arguments…

CVE-2026-49754HigJun 2, 2026
Elixir Mint
mint
risk 0.46cvss —epss —
Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client (HTTP/2 CONTINUATION flood). When Mint's HTTP/2 receive path observes a HEADERS frame without the END_HEADERS…
CVE-2026-48862HigJun 2, 2026
Elixir Mint
mint
risk 0.46cvss —epss —
Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client via PUSH_PROMISE flooding. In lib/mint/http2.ex, Mint.HTTP2.decode_push_promise_headers_and_add_response/5 inserts…
CVE-2026-49753MedJun 2, 2026
Elixir Mint
mint
risk 0.34cvss —epss —
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in elixir-mint Mint allows attacker-controlled HTTP/1 servers to desynchronise response framing on shared connections. Mint's HTTP/1 Content-Length parser,…
CVE-2026-48861LowJun 2, 2026
Elixir Mint
mint
risk 0.07cvss —epss —
Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in elixir-mint Mint allows HTTP Request Splitting and HTTP Request Smuggling. In lib/mint/http1/request.ex, the encode_request_line/2 function splices the caller-supplied method and target arguments…