Benoitc Hackney
10 CVEs affecting Benoitc Hackney. Latest disclosed: 2026-05-25. Critical: 0, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-47077 | High | 7.5 | 2026-05-25 | Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. hackney_h3:await_response_loop/6 accumulates the HTTP/3… |
CVE-2026-47075 | High | 7.5 | 2026-05-25 | Improper Neutralization of CRLF Sequences vulnerability in benoitc hackney allows HTTP Request Splitting. hackney does not percent-encode carriage return (\r)… |
CVE-2026-47073 | High | 7.5 | 2026-05-25 | Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. The WebSocket client in src/hackney_ws.erl imposes no up… |
CVE-2026-47072 | High | 7.5 | 2026-05-25 | Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in benoitc hackney allows HTTP Request/Response Splitting. The WebSocket upgrade cod… |
CVE-2026-47071 | High | 7.5 | 2026-05-25 | Uncontrolled Resource Consumption vulnerability in benoitc hackney allows Flooding. The SOCKS5 transport in src/hackney_socks5.erl correctly applies the caller… |
CVE-2026-47067 | High | 7.5 | 2026-05-25 | Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. The URL parser in src/hackney_url.erl converts every unr… |
CVE-2026-47066 | High | 7.5 | 2026-05-25 | Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in benoitc hackney allows Excessive Allocation. The Alt-Svc response header parser in src/… |
CVE-2026-47076 | Medium | 6.5 | 2026-05-25 | Interpretation Conflict vulnerability in benoitc hackney allows Server Side Request Forgery. hackney_url:normalize/2 URL-decodes the host component after the U… |
CVE-2026-47070 | Medium | 6.1 | 2026-05-25 | Sensitive Data Exposure vulnerability in benoitc hackney allows Retrieve Embedded Sensitive Data. The HTTP/3 redirect handler in src/hackney_h3.erl passes the… |
CVE-2026-47069 | Medium | 5.3 | 2026-05-25 | Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in benoitc hackney allows HTTP Response Splitting. The hackney_cookie:setcookie/3 fu… |