CVE-2023-22465

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-22465

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-22465.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-22465

Aliases

GHSA-54w6-vxfh-fw7f

Related

GHSA-54w6-vxfh-fw7f

Published

2023-01-04T16:15:09Z

Modified

2025-02-19T03:31:13.314600Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

[none]

Details

Http4s is a Scala interface for HTTP services. Starting with version 0.1.0 and prior to versions 0.21.34, 0.22.15, 0.23.17, and 1.0.0-M38, the User-Agent and Server header parsers are susceptible to a fatal error on certain inputs. In http4s, modeled headers are lazily parsed, so this only applies to services that explicitly request these typed headers. Fixes are released in 0.21.34, 0.22.15, 0.23.17, and 1.0.0-M38. As a workaround, use the weakly typed header interface.

References

https://github.com/http4s/http4s/security/advisories/GHSA-54w6-vxfh-fw7f

Affected packages

Git / github.com/http4s/http4s

Affected ranges

Type: GIT
Repo: https://github.com/http4s/http4s
Events: Introduced

1cb3dd7d66767ad02f6431d290ca14c07ec99c30

Fixed

f09ae5a20f23798f10537dc3684b614d0c454fea

Affected versions

v0.*

v0.1.0

v0.10.0

v0.10.1

v0.11.0

v0.11.1

v0.11.2

v0.11.3

v0.12.0

v0.12.1

v0.12.2

v0.12.3

v0.12.4

v0.13.0

v0.13.1

v0.13.2

v0.13.3

v0.14.0

v0.14.1

v0.14.10

v0.14.11

v0.14.2

v0.14.3

v0.14.4

v0.14.5

v0.14.6

v0.14.7

v0.14.8

v0.14.9

v0.15.0

v0.15.10

v0.15.11

v0.15.12

v0.15.13

v0.15.14

v0.15.15

v0.15.16

v0.15.2

v0.15.3

v0.15.4

v0.15.5

v0.15.6

v0.15.7

v0.15.8

v0.15.9

v0.16.0

v0.16.0-M1

v0.16.0-M2

v0.16.0-M3

v0.16.0-RC1

v0.16.0-RC2

v0.16.0-RC3

v0.16.1

v0.16.2

v0.16.3

v0.16.4

v0.16.5

v0.16.6

v0.17.0

v0.17.0-M1

v0.17.0-M2

v0.17.0-M3

v0.17.0-RC1

v0.17.0-RC2

v0.17.0-RC3

v0.17.1

v0.17.2

v0.17.3

v0.17.4

v0.17.5

v0.17.6

v0.18.0

v0.18.0-M1

v0.18.0-M2

v0.18.0-M3

v0.18.0-M4

v0.18.0-M5

v0.18.0-M6

v0.18.0-M7

v0.18.0-M8

v0.18.0-M9

v0.18.1

v0.18.10

v0.18.11

v0.18.12

v0.18.13

v0.18.14

v0.18.15

v0.18.16

v0.18.17

v0.18.18

v0.18.19

v0.18.2

v0.18.20

v0.18.21

v0.18.22

v0.18.23

v0.18.24

v0.18.25

v0.18.26

v0.18.3

v0.18.4

v0.18.5

v0.18.6

v0.18.7

v0.18.8

v0.18.9

v0.19.0

v0.19.0-M1

v0.19.0-M2

v0.19.0-M3

v0.19.0-M4

v0.2.0

v0.20.0

v0.20.0-M1

v0.20.0-M2

v0.20.0-M3

v0.20.0-M4

v0.20.0-M5

v0.20.0-M6

v0.20.0-M7

v0.20.0-RC1

v0.20.1

v0.20.10

v0.20.11

v0.20.12

v0.20.13

v0.20.14

v0.20.15

v0.20.16

v0.20.17

v0.20.18

v0.20.19

v0.20.2

v0.20.20

v0.20.21

v0.20.22

v0.20.23

v0.20.3

v0.20.4

v0.20.6

v0.20.7

v0.20.8

v0.20.9

v0.21.0

v0.21.0-M1

v0.21.0-M2

v0.21.0-M3

v0.21.0-M4

v0.21.0-M5

v0.21.0-M6

v0.21.0-RC1

v0.21.0-RC2

v0.21.0-RC3

v0.21.0-RC4

v0.21.0-RC5

v0.21.1

v0.21.11

v0.21.12

v0.21.13

v0.21.14

v0.21.15

v0.21.16

v0.21.18

v0.21.19

v0.21.2

v0.21.20

v0.21.21

v0.21.22

v0.21.23

v0.21.24

v0.21.25

v0.21.26

v0.21.27

v0.21.28

v0.21.29

v0.21.3

v0.21.30

v0.21.31

v0.21.32

v0.21.33

v0.21.4

v0.21.5

v0.21.6

v0.21.7

v0.21.8

v0.21.9

v0.3.0

v0.4.0

v0.4.1

v0.4.2

v0.5.0

v0.5.1

v0.5.2

v0.5.3

v0.5.4

v0.6.0

v0.6.1

v0.6.2

v0.6.4

v0.6.5

v0.7.0

v0.8.0

v0.8.1

v0.8.2

v0.8.3

v0.8.4

v0.8.5

v0.9.0

v0.9.1

v0.9.2

v0.9.3