Summary
SwiftNIO HTTP/2: HTTP/2-to-HTTP/1 Request Smuggling via unvalidated :path pseudo-header in HTTP2ToHTTP1Codec
References
Related vulnerabilities
All Supply chain →- HIGHGHSA-F59H-Q822-G45G
Caddy: FastCGI header normalization bypass in `forward_auth copy_headers`
- CRITICALGHSA-94F4-HR76-P5J6
vLLM: OpenAI auth bypass
- MEDIUMGHSA-HVCG-QMG6-JM4C
Netty: HttpObjectDecoder skips arbitrary initial control characters when only initial CRLF characters are permitted
- MEDIUMGHSA-HHPQ-7WG4-36JM
CakePHP Authentication: Open redirect weakness via backslash bypass
- CRITICALGHSA-8FQ9-273G-6MRG
Avo: Missing Authorization in Avo Association Attach Endpoint Allows Unauthorized Relationship Manipulation and Privilege Escalation
- MEDIUMGHSA-X2QC-CMH9-F4HF
Deno: Denial of service via non-ASCII bytes in WebSocket response headers